WordPress Brute Force Attacks: Should You Be Worried?

I had already written a new post about the importance of WordPress maintenance when I started reading reports about WordPress websites being the target of a massive brute force attack.  The fact that the attack is being reported as larger than usual and claiming the attack is being carried out by a botnet with over 90,000 IP addresses just sounds scary. But there is absolutely no reason for mass hysteria regarding WordPress installations, and here’s why.

• Installations using the username ‘admin’ are at risk
• Those installations using the ‘admin’ username and an unsafe password. 

I’ve written here before about using unique usernames and passwords, so if you’ve taken my advice, you’re already protected from 99% of all brute force attacks.  If you haven’t, log into your dashboard and create a new user with a secure username and password. (See my prior post for tips for secure usernames and passwords)  Then once you’ve created the new user with administrator privileges, log into your dashboard with it and delete the admin user.

Not sure what I meant by unsafe passwords?  Here is an example of some popular but very unsafe passwords:

1. password
2. 123456
3. abc123
4. qwerty
5. Monkey
6. Letmein
7. Dragon
8. 111111
9. Baseball
10. Iloveyou
11. Trustno1
12. Sunshine
13. Master
14. 123123
15. Welcome
16. Shadow
17. Football
18. Jesus
19. Ninja

This doesn’t mean you shouldn’t take further precautions to secure your WordPress website. If you read the Is it Safe? post I gave you more ideas.  Plus, it’s vitally important to keep your WordPress website up to date.

If you’re taking proper care and precautions with your WordPress website you can rest easy knowing that you’ve got plenty of protection against brute force attacks.