There is no point in having an array of locks at your disposal, if you do not use them, or don’t know how to use them to safeguard your property. In the case of information, especially your private information, a heavy duty lock is what you need at all times. To protect, in this case, a repository of valuable information, it is important to have a good lock and ensure that it is fixed strongly to the door. Likewise, a website is only as strong as the password and login page. And that is in your hands, to a large extent.
To help protect your website, there are two basic requirements: (i) safeguard your password; and (ii) secure the login screen. There are a plethora of plugins that are helpful in this endeavour. Login LockDown is one such plugin; it blocks users who attempt to guess the password to your website. Another such app is the Google Authenticator which reduces the chance of a security breach even further. The most common method of ensuring the safety of the login screen is with the use of Captcha.
Login LockDown
Login Lockdown registers every failed login attempt and the corresponding IP address. After three attempts, it blocks all further login attempts from said IP for an hour. These are the default settings, and the time and number of attempts may be altered to suit your specific requirements. It is a good tool in preventing unauthorised access by someone close to you, who may be able to guess the password.
While this plugin is ideal for securing the safety of your WordPress site, it is not advisable for people who tend to forget passwords. After you login successfully, you can unblock the blocked IPs from the Dashboard.
With this plugin, you can easily find out the IP address that launched the unsuccessful login attempts on your site; and possibly even trace the IP address to the source. But the user must beware: the plugin may malfunction if other plugins interfere with its working.
You can download the plugin here
Google Authenticator
For smartphone savvy people, who require seamless connectivity to their WordPress sites the Google Authenticator is the ideal plugin for additional safety. Once you setup the plugin, you need to install the Google Authenticator app which is available for smartphones such as Android, Blackberry and iOS-based devices. The app works in conjunction with the plugin to make your login process much more secure.
Normally, passwords can be cracked by means of brute force attack. If you use Google Authenticator then it renders the possibility of password compromise moot. When a person breaks into your account with the password, the screen asks for the Google Authenticator password. This password is available only to you provided you have the app installed on your smartphone.
Even if a hacker figures out your username and password, it will be nearly impossible to determine the unique code provided by the Google Authenticator as you will be the only person who has access to the code. Not only that, the code is time-bound and expires in a short interval of time. That’s why it is nearly impossible to access a WordPress website that has been adequately protected by plugins such Google Authenticator.
One disadvantage of the Google Authenticator is that it necessitates the use of a smartphone in conjunction with a computer system. It cannot be used independently.
You can download the plugin here
Captcha
Captcha is one the most simple and most effective ways to improve the security of a site. More than one plugin on WordPress uses Captcha to protect the site from spam and bot attacks. The use of Captcha eliminates the possibility of brute force attack, in the process greatly decreasing the likelihood of falling to cyber-attacks.
Different types of Captcha
Normal Captcha is available in WordPress, this plugin can be applied to the login page, reset password screen and comment forms.
There are also other types including SI Captcha that specialises in prevention of spamming by automated bots, Sweet Captcha that adds colour to your site. There is an Invisible Captcha plugin that prioritizes the protection of comments from spam. For users who require puzzle and intrigue in their Captcha, there is Enmask Captcha.
Finally, just remember…
Plugins may well save the day for you, but there is no substitute for a strong password that comprises of dual case characters, numbers and special characters in no specific order. Should your site ever get compromised, the first course of action is to use the ”forgot password” option, login with the new password and change it immediately.
Be prepared! Be safe!
If you enjoyed this post, make sure to subscribe to WP Mayor’s RSS feed.
One Response
I’m using SI Captcha. It saved me a lot from bruteforce attack. But these peoples keep coming again and again even if they’re in the blocked list.