How to Avoid a Brute Force Attack on Your blog

I am going to assume you do not know what a brute force attack is, hopefully you have never encountered one and touch wood you will never ever have to go through the process of having to clear up the mess after being involved in an attack.

brute force attack 2To put it simply, a brute force attack is where someone hacks into your account, makes changes to your content or worse still- deletes everything. Quite honestly it makes me feel sick to my stomach the very thought of this happening – but it does happen. Just recently I saw it happen to someone and they are still trying to pick up the pieces.

If you read my post showing you how to back up your blog then you will know the importance of making a back up regularly. This ensures you have a copy should anything happen to your blog. However, a brute force attack can leave you locked out of your blog, unable to reinstate the content. It may mean abandoning your blog altogether.

What can you do to prevent this from happening to you?

Now, I have not read anything to suggest that this happens on Blogger, it seems to be more common on WordPress sites- possibly as bloggers will more than likely be self hosted, therefore more vulnerable.

  • The first step to becoming secure is to choose a great password (this is applicable to everyone, not just WordPress users). Choose something that would be almost impossible to guess- I use a phrase rather than a word.
  • Secondly, make sure you have the ‘All in one WP Security’ plugin installed- this will take you through various options to make your site safer.
  • Lastly – and most importantly- within the all in one security there is an option to rename your wp-admin. I used to have a plugin for that but it is un-maintained now so I don’t trust it! You can do the same within the security dashboard.

When you log in to wordpress you type in right? and that brings up your login window.

11080529_10155326454285176_5247450169472813325_oThe problem is, /wp-admin is the default for every wordpress user out there. This makes hacking into your site just that little bit easier. What you want to do is hide that login page so that only you know where it is!

So what will the hackers see?

If anyone should try and go to your original extension of /wp-admin then they will be met with this screen…

10847537_10155326510440176_2390714074543418028_oThe only way anyone will be able to get to your dashboard will be to know the secret extension- and hopefully the only person who knows that is you.

Have you been a victim of hacking?

Blog (1)


The List

Find Katy on Facebook, Twitter, Youtube, Pinterest and Instagram for more!

Katy is a wife, mum of three and professional blogger. Her blog, What Katy Said, aims to inspire other mums to get organised and make the best out of every day.


  1. Thanks for this; I’ll be checking out the suggested plugins. I can’t even begin to imagine the horrors of having this kind of attack; my word … that someone would even consider doing this to someone else is mind boggling. Thanks loads. #aNoviceMumTwitterFeed

        1. Ooh err, not sure why that would happen! Maybe it is your theme just doesn’t allow it. Just make sure your password is great and you should be fine xx

  2. Ooh great post – I’d not even thought anyone would be arsed to hack my blog but what if they were?!? Some fab tips, I’ll make sure I follow asap!

    Thanks for linking up xxx #TheList xxx

  3. Wow I never really gave blog security much thought – thanks so much for posting this and for the great plugin tips – I will definitely be installing these eek! x

    1. Hi lovely, the reason is because you are not self hosted- you have a account and therefore have limited abilities in your dashboard. Don’t worry though, being with wordpress in this way means you are fully protected as they will be in charge of the admin and security. If you ever switch to self hosted wordpress you would have more options in your sidebar xxx

  4. This is great. Thank you. I will do this straightaway. I did wonder about the admin bit. It is so easy to find and then the username always pops up so it is down to one password. You may have saved many blogs.

  5. Such great tips listed here and I am making note of them and trying to go do the plugin to rename my log in area right now and a harder password too. To start protecting myself. I already use a plugin to back up but who knows if they could delete that too. I dont know what I would do working so hard every day for past two years I can’t even imagine. Thank you for sharing your knowledge.

Leave a Response

Read previous post:
My Captured Moment #12

I am linking up with the lovely Heledd from Running in Lavender for her fab linky 'My Captured Moment'. The idea...