I’ve been receiving tons of notifications about bad login attempts from users. Should I be worried? I’m currently using iThemes Security. Thanks, Ashley!


Hi Della! People are going to try to gain access to your blog for malicious reasons. That’s just a fact. If people are trying to do so and failing, that’s ultimately a good thing. The only thing you can really do to prevent this is set up htpasswd to further protect your login area… but that can be quite complicated if you’re not really familiar with hosting/code. Basically what that method does is set up a second username/password that people have to get right BEFORE they even get to WordPress. That’s what I use on my blog and since no one gets past the first layer of security, I never have any login attempts on my blog (since they never pass the first layer to even attempt the second layer).

However, if you’re getting a ton of failed login attempts, it can certainly make you feel uneasy. The important thing to do is just make sure you’re protected. Ask yourself these three questions:

  • Is your login name something other than “admin” and something other than the name/URL of your blog?
  • Is your password extremely long, complex, and impossible to guess? Is it not a dictionary word?
  • Do you have something in place to prevent brute forcing, such as a plugin that locks people out after x failed login attempts?

If you can answer YES to all three of those questions, then try not to worry. People WILL try to log in to your blog, but as long as you’ve taken steps to protect yourself, they most likely won’t be able to get in. It won’t stop them from trying, but you should be able to rest easy knowing that they won’t guess your password and they will be locked out after a few failed attempts anyway.

However, if you CAN’T answer YES to all of those questions, then you need to take those measures to protect your blog so you won’t get hacked.
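
For anyone who wants to try the htpasswd layer described above, here is roughly what it looks like. This is an added example, not configuration from the original post, and it assumes the blog runs on Apache 2.4 with a host that allows auth directives in `.htaccess`; the file path and the user name `gatekeeper` are placeholders.

```apache
# Added example: .htaccess in the WordPress root, next to wp-login.php.
# Assumes Apache 2.4 and a host that allows auth directives in .htaccess
# (AllowOverride AuthConfig). Path and user name below are placeholders.
#
# Create the password file once, from a shell, OUTSIDE the web root so it
# can never be downloaded (-c creates the file, -B hashes with bcrypt):
#   htpasswd -c -B /home/example/.htpasswds/wp-login gatekeeper

# Let Apache serve its built-in 401 page instead of handing the error to
# WordPress's rewrite rules.
ErrorDocument 401 default

# First layer: the browser must pass HTTP Basic authentication before the
# request ever reaches the WordPress login form.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /home/example/.htpasswds/wp-login
    Require valid-user
</Files>

# Belt and braces: refuse to serve any .ht* file.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
```

Basic authentication only encodes the password, it does not encrypt it, so use this on a site served over HTTPS. Pick a user name and password for this layer that differ from your WordPress login.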

