1. Great tips and the plugin is definitely a must to help limit logins, as well as not using Admin or your e-mail address for user name. Thanks for sharing Jensguy and definitely hit the nail on the head with this one :)
    Janine Huldie recently posted…Kindergarten Finally…My Profile

  2. This freaks me out. While reading this I began to wonder why did I switch to WordPress?! I’m not sure if seeing a list of blocked login attempts would make me feel okay.

    Not that my login is any of the ones mentioned but my login was setup for me by the person who set up my blog and I hate it. I thought it couldn’t be changed, but you’re saying it can? How do I do this?

    Thanks for sharing Jensguy. I’ll be checking out that plugin.
    Jennifer | The Deliberate Mom recently posted…Extra, Extra, The Deliberate Mom Turns 4!My Profile

    1. You can create a second administrator account from the “Users” menu. Give it all the same information, except a different username. Use the account multiple times and when you are sure it fits your needs, delete the original admin account. Also, yeah, if you don’t have “Limit Login Attempts,” you need to get that post haste. ANd, yeah, it WILL freak you out just a bit.

    1. Yep, Jennifer was even freaked out when she proofread the post. I had to show her the log of attempted logins. It is information that she wishes she could unsee.

  3. Three points:

    1. I miss Blogger for this reason, mostly. One week into WordPress I got hacked. My WordPress wasn’t hacked, just my IP address which led to the site being blacklisted. Awesome stuff, getting a crash course in WP security issues while simultaneously learning what a blacklist entailed. BlueHost support was able to remove me from the blacklist and apparently it’s quite common, but it still scared the stinky stuff out of me.

    2. I purchased WordFence Security (there is a free version) based on the recommendations of multiple website gurus, but to be honest I don’t know anything about it and I fear I could do more harm than good if I tinker. I need to get a crash course in it (feel free to teach me Obi Wan). :)

    3. Using Sherlock memes = I will always respect your opinion and take your advice!

    P.S. How do you change your username? My transition person set it up, and I honestly didn’t know you could change it.

    Great article, JensGuy!
    Sarah Nenni Daher recently posted…Thank Goodness It’s Thursday Link PartyMy Profile

    1. Yeah, Wordfence is good, but as I mentioned there is a tradeoff with rock solid security and site load times. Your site ssems to load up pretty well, so I suspect it is installed correctly.

      As I mentioned to Jennifer, you can create a new admin account with the same info (different username) and use it for a while BEFORE deleting the old account you don’t want anymore.

      Love Sherlock, but it is starting to lose some steam. . .

      1. I hadn’t heard of this. I get spam, but I hadn’t considered hackers. I see that the commenter above said she misses Blogger. Does that mean that Blogger doesn’t get hacked or that some of these things don’t apply to Blogger?
        normaleverydaylife recently posted…Motivational Monday #107My Profile

        1. Blogger is a bit more secure as all of the sites are on the same domain and the security is handled by Google. That doesn’t mean you can’t be hacked, especially by the “social engineering” approach that I spoke of. But Google engineers handling security is greater than you or I handling security. But at the level our sites are at, we should be able to do pretty well for ourselves.

  4. Wait, what? I was too busy looking at Sherlock and Watson.
    Just kidding.
    Stuff freaks me out big time! I switched hosting recently to a company that specializes in security too. It’s been eye opening, but I do feel very protected right now.
    Tamara recently posted…Game Day Prep.My Profile

    1. No love for Moriarty? Yep, talk about freaked out I feed my children by providing security. The iCloud hack made me feel very small and alone indeed. For the record, however, I have always encouraged clients NOT to rely on the iCloud as much as Apple wants them to. I have never thought that Apple has really taken the security thing as serious as it should.

  5. You won’t be sorry! Make sure you check the logs every once in a while to get a feel if you need to do a little more. Also, How about them Dolphins! You guys must be going crazy!

  6. Last month for three consecutive weeks I was getting a minimum of 60 attempts a day from hackers! UGH! Security is a must! I remember before I secured everything how nervous I was, if you aren’t secure it’s not a matter of if, but when. Haha the Sherlock gifs are hilarious!
    Heather {Woods of Bell Trees} recently posted…Mini PinatasMy Profile

  7. So scary….I have mine set up so that I get a text message with a code if there’s an attempt to login on a computer that hasn’t been logged into before. Still, this makes me paranoid!
    Rebecca recently posted…My Son, the Snob.My Profile

  8. A great post although I could feel myself breaking out into a sweat as I read this post. It had never occurred to me that someone might try to hack my blog, just for the sheer hell of it. I did sort out the main user name when I first set up my blog and change my password pretty regularly, so at least I have those steps covered!

    Can I ask a daft question?…How can you tell if your site has had an attempted hack? As I have no idea what to look for….Thank you.
    Debbie recently posted…Debs Diary: A Glimpse Into My Life…#4My Profile

Leave a Comment