I am going to assume you do not know what a brute force attack is. Hopefully you have never encountered one and, touch wood, you will never have to go through the process of clearing up the mess after being involved in an attack.
To put it simply, a brute force attack is where someone hacks into your account by guessing your login details over and over until they get in, then makes changes to your content or, worse still, deletes everything. Quite honestly, the very thought of this happening makes me feel sick to my stomach, but it does happen. Just recently I saw it happen to someone and they are still trying to pick up the pieces.
If you read my post showing you how to back up your blog then you will know the importance of making a backup regularly. This ensures you have a copy should anything happen to your blog. However, a brute force attack can leave you locked out of your blog, unable to reinstate the content. It may mean abandoning your blog altogether.
What can you do to prevent this from happening to you?
Now, I have not read anything to suggest that this happens on Blogger; it seems to be more common on WordPress sites, possibly as bloggers will more than likely be self-hosted and therefore more vulnerable.
- The first step to becoming secure is to choose a great password (this is applicable to everyone, not just WordPress users). Choose something that would be almost impossible to guess. I use a phrase rather than a word.
- Secondly, make sure you have the ‘All In One WP Security’ plugin installed; this will take you through various options to make your site safer.
- Lastly, and most importantly, within All In One WP Security there is an option to rename your wp-admin. I used to have a plugin for that but it is unmaintained now so I don’t trust it! You can do the same within the security dashboard.
When you log in to WordPress you type in www.yourblogsite.com/wp-admin, right? That brings up your login window.
The problem is, /wp-admin is the default for every WordPress user out there. This makes hacking into your site just that little bit easier. What you want to do is hide that login page so that only you know where it is!
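To see whether anyone is already guessing passwords at the default address, you can count failed logins in your web server's access log. This is an added example, not code from the original post or from the plugin; the log lines are constructed, and the combined log format and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# WordPress's default login form; visiting /wp-admin redirects here.
DEFAULT_LOGIN = "/wp-login.php"

# Start of a combined-format access log line (format is an assumption).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines using documentation-only IP addresses.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:02:14:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1532
203.0.113.7 - - [10/Mar/2024:02:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1532
203.0.113.7 - - [10/Mar/2024:02:14:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1532
203.0.113.7 - - [10/Mar/2024:02:14:04 +0000] "POST /wp-login.php HTTP/1.1" 200 1532
198.51.100.20 - - [10/Mar/2024:09:30:11 +0000] "POST /wp-login.php HTTP/1.1" 200 1532
198.51.100.20 - - [10/Mar/2024:09:30:25 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.55 - - [10/Mar/2024:09:31:00 +0000] "GET / HTTP/1.1" 200 8841
this line is not a log entry and is skipped
"""


def failed_logins(log_text):
    """Count failed login submissions per client IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m or m.group("method") != "POST":
            continue
        path = m.group("path").split("?", 1)[0]
        # A successful WordPress login answers with a 302 redirect, so any
        # other status on the login form is treated as a failed guess.
        if path == DEFAULT_LOGIN and m.group("status") != "302":
            counts[m.group("ip")] += 1
    return counts


def suspicious_ips(log_text, threshold=3):
    """IPs with at least `threshold` failed guesses (threshold is an assumption)."""
    return sorted(ip for ip, n in failed_logins(log_text).items() if n >= threshold)


if __name__ == "__main__":
    print(suspicious_ips(SAMPLE_LOG))
```

The owner who mistyped once and then logged in stays under the threshold, while the address that failed four times in four seconds is flagged.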
So what will the hackers see?
If anyone should try and go to your original extension of /wp-admin then they will be met with this screen…
Have you been a victim of hacking?