WordPress Brute Force Attacks: Should You Be Worried?

I had already written a new post about the importance of WordPress maintenance when I started reading reports about WordPress websites being the target of a massive brute force attack.  The fact that the attack is being reported as larger than usual and claiming the attack is being carried out by a botnet with over 90,000 IP addresses just sounds scary. But there is absolutely no reason for mass hysteria regarding WordPress installations, and here’s why.

  • Installations using the username ‘admin’ are at risk
  • Those installations using the ‘admin’ username and an unsafe password

I’ve written here before about using unique usernames and passwords, so if you’ve taken my advice, you’re already protected from 99% of all brute force attacks.  If you haven’t, log into your dashboard and create a new user with a secure username and password. (See my prior post for tips for secure usernames and passwords)  Then once you’ve created the new user with administrator privileges, log into your dashboard with it and delete the admin user.

Not sure what I meant by unsafe passwords?  Here is an example of some popular but very unsafe passwords:

  1. password
  2. 123456
  3. abc123
  4. qwerty
  5. Monkey
  6. Letmein
  7. Dragon
  8. 111111
  9. Baseball
  10. Iloveyou
  11. Trustno1
  12. Sunshine
  13. Master
  14. 123123
  15. Welcome
  16. Shadow
  17. Football
  18. Jesus
  19. Ninja

This doesn’t mean you shouldn’t take further precautions to secure your WordPress website. If you read the Is it Safe? post I gave you more ideas.  Plus, it’s vitally important to keep your WordPress website up to date.

If you’re taking proper care and precautions with your WordPress website you can rest easy knowing that you’ve got plenty of protection against brute force attacks.


Tina Marie Hilton provides online technology services to forward thinking businesses. She writes on her Tips from T.Marie business blog to share insight and information with other small businesses and entrepreneurs. It also makes her feel like that certificate in creative writing isn't going to waste completely.


  1. […] (Read more…) […]