The wp-admin login, where you enter your username and password, is heavily attacked by bots that try to get into your WordPress site and then do whatever they are programmed to do.
I’ll tell you about my own case of attempted hacking.
It all starts one morning. It always starts in the morning, mainly because the bots don’t sleep. The thing is that I start getting alerts in my mail about new subscriptions to my blog, in principle with the “subscriber” profile.
After the surprise, I go to WordPress and see that I have 15000 subscribers, when in theory no one can subscribe. I take a look and, in principle, there is nothing else.
I continue by scanning with a security plugin and I don’t see anything strange either.
After checking WordPress with a plugin, I go in through FTP and, if I find a strange file, I delete it automatically. I keep looking and at first sight there is nothing more.
I go for a coffee, very important for clearing my head.
When I go back to my laptop, I see that more alerts about new subscribers are coming in. This means that somewhere there is a problem, whether a bug, a plugin, a theme or the server itself, so I decide to do the fastest thing: change the access to /wp-admin/, which is the access point of that bot.
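To confirm which entry point the bot is hitting, the web server's access log can be checked for bursts of signup requests. The following is an added example, not part of the original post; it assumes the server writes a combined-format access log, and the log lines, function names and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Apache/Nginx "combined" format (documentation IPs only).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:06:01:02 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0 "-" "bot/1.0"
203.0.113.7 - - [12/Mar/2024:06:01:03 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0 "-" "bot/1.0"
203.0.113.7 - - [12/Mar/2024:06:01:04 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0 "-" "bot/1.0"
203.0.113.7 - - [12/Mar/2024:06:01:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 413 "-" "bot/1.0"
198.51.100.4 - - [12/Mar/2024:06:02:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2101 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2024:06:02:15 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Mar/2024:06:03:00 +0000] "GET /2024/03/hello-world/ HTTP/1.1" 200 8450 "-" "Mozilla/5.0"
this line is truncated and must be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Entry points a login/registration bot usually touches on a WordPress site.
WATCHED = ("/wp-login.php", "/wp-admin/", "/xmlrpc.php")


def records(log_text):
    """Yield parsed requests, skipping lines that do not match the format."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def registration_bursts(log_text, threshold=3):
    """Return {ip: count} for clients with >= threshold signup POSTs."""
    hits = Counter()
    for r in records(log_text):
        path, _, query = r["path"].partition("?")
        if r["method"] == "POST" and path == "/wp-login.php" and "action=register" in query:
            hits[r["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


def endpoint_summary(log_text):
    """Count requests per watched entry point, ignoring the query string."""
    paths = (r["path"].partition("?")[0] for r in records(log_text))
    return dict(Counter(p for p in paths if p.startswith(WATCHED)))


if __name__ == "__main__":
    print("signup bursts:", registration_bursts(SAMPLE_LOG))
    print("entry points: ", endpoint_summary(SAMPLE_LOG))
```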
Plugin needed to change wp-admin
First I have to say that this can be done without a plugin, but for those who don’t know how or don’t feel like doing it manually, there are several plugins that do it for you. I personally use and recommend WPS Hide Login.
I use WPS Hide Login because of its simplicity.
Conclusion about security in WordPress
No matter how basic or simple your blog is, you should take into account the following recommendations:
- Keep everything updated: plugins, themes and WordPress itself
- And plugins that guarantee the security of your WordPress. Not a security plugin, but one that guarantees security, such as the plugin I’m going to tell you about a little further down.
Apart from this, it is also worth having safe and reliable hosting, although this always depends on the resources we have available.