A few weeks ago, our websites were under attack by a group of hackers.
They were using a "brute force" attack method, which involves repeatedly trying to guess our passwords, to the tune of over 100 requests per minute.
Aside from the security risks if you don't have strong passwords in place, this also slows your websites to a complete halt.
And that's what happened to us.
Our prospects, customers and clients could no longer access our websites.
We lost a ton of sales from potential customers, and luckily our customers are awesome so they understood completely - but it still threw a spanner in the works!
Eventually, after trying multiple methods over a week of trial and error, we fixed this annoying issue for good.
In this blog post, I'd like to share exactly what we did in case you have a similar problem - and also to prevent it happening to you in the future.
Step #1 - Install The "Brute Protect" Plugin (Free)
It was impossible to access our own websites throughout most of the day, but occasionally there would be a 10-minute window where we could access our website without any issues.
And no, we're not getting paid to endorse them - it's just the plugin which worked well for us - and it's free!
This plugin automatically blocks known hackers from accessing your website in the first place, as discovered by other people using the plugin. It also intercepts new hacking attempts.
It's the equivalent of having your own security guard on patrol 24/7.
Pretty cool stuff!
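To check your own server for the kind of login flood described at the top of this post, you can count password submissions per IP address per minute in the web server's access log. This is an added example, not code from the Brute Protect plugin or from the original post; it assumes the combined access-log format and the default WordPress login path /wp-login.php, and the sample log lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Assumptions, not from the post: combined access-log format and the default
# WordPress login path. THRESHOLD mirrors the post's "over 100 requests per
# minute"; a site with few logins may want a much lower value.
LOGIN_PATH = "/wp-login.php"
THRESHOLD = 100

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def login_floods(lines, threshold=THRESHOLD):
    """Return {(ip, minute): count} where login POSTs exceed the threshold."""
    per_minute = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        if m["method"] != "POST" or m["path"].split("?")[0] != LOGIN_PATH:
            continue  # only password submissions to the login page count
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        per_minute[(m["ip"], ts.strftime("%Y-%m-%d %H:%M"))] += 1
    return {key: n for key, n in per_minute.items() if n > threshold}

def sample_log():
    """Constructed sample: one flooding client, one normal visitor, one bad line."""
    fmt = '{ip} - - [10/Mar/2014:14:05:{ss:02d} +0000] "{req} HTTP/1.1" 200 512'
    lines = [fmt.format(ip="203.0.113.7", ss=i % 60, req="POST /wp-login.php")
             for i in range(120)]
    lines += [fmt.format(ip="198.51.100.20", ss=s, req="POST /wp-login.php")
              for s in (1, 20, 40)]
    lines.append(fmt.format(ip="198.51.100.20", ss=45, req="GET /"))
    lines.append("truncated or corrupted line")
    return lines

if __name__ == "__main__":
    for (ip, minute), count in sorted(login_floods(sample_log()).items()):
        print(f"{minute}  {ip}  {count} login POSTs")
```

Addresses reported this way are candidates for blocking at the firewall or web server, which keeps the requests from reaching WordPress at all.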
Step #2 - Make Your Passwords Stronger
Luckily for us, we always create strong passwords so this wasn't an issue.
But if you currently use short passwords without any numbers or symbols, listen up...
You need to visit the Strong Password Generator website (again, it's a free online tool) and click the button to generate a stronger password.
Be sure to keep this password somewhere safe - maybe copy and paste it into a document somewhere safe.
Step #3 - Add A Captcha To Your Forms
Brute force hackers use an automated script/"robot" to continually guess your passwords.
However, you can stop them submitting their guesses altogether by using this free Captcha plugin.
This plugin adds a simple math puzzle to your login forms and comment forms (if you wish), meaning the automated robots get confused at the puzzle and can no longer submit their guesses.
See the screenshot to the right to see how it looks.
Just be sure to brush up on your math skills, as some of them test your brain a little (which isn't necessarily a bad thing!).
So with these 3 steps, we've blocked known hackers from accessing your website in the first place, and if they do get through, they can't get through the captcha system, and if they do somehow get through that, your passwords are nearly impossible to guess.
Now your business is safe, you can focus more of your energy on growing it 😀
To better security!
- James Francis.
P.S. For the hardcore security enthusiasts, this page from the WordPress folks should help with some additional security measures. But personally I feel it's a little overkill unless your business is attracting a lot of attention (i.e. over $5k profit per month).
P.P.S. Have you had any experiences like this? Share them in the comments section below!