WordPress brute-force cracking prevention: security plug-ins and using .htpasswd to protect the WordPress control panel


Bloggers who use WordPress should be aware of the recent worldwide wave of brute-force attacks against WordPress control panel passwords. According to Matthew Prince, CEO of CloudFlare, in a brute-force password attack the attacker enters the admin user name and then tries thousands of passwords to log on.

The attackers first scanned the Internet for WordPress websites and then attempted to log on to the management interface with user names and passwords, using a botnet built from web servers. This time the attackers used more than 90 thousand web servers; because servers have higher bandwidth and connection speeds than PCs, they can launch attacks faster.

The default name for logging on to the WordPress back end is admin. Many users simply use admin as the administrator password after installing WordPress, which gives attackers an opening. Although WordPress itself is secure enough, a brute-force attack can affect normal access to the site even when it fails, because it increases the load on the server.

This article shows how to prevent brute-force cracking of the WordPress back end: install a WordPress security plug-in and use .htpasswd to protect the WordPress control panel. WordPress security plug-ins not only prevent brute-force cracking, they also detect current security problems in your WP installation and help you improve on them.

.htpasswd is a credentials file used to restrict access to files on the server. With .htpasswd you can require a password for the wp-admin folder and its files before the WordPress control panel can be accessed. This greatly improves the security of the WordPress control panel and guards against brute-force password cracking.


I. Better WP Security: an all-round WordPress security plug-in

1. Better WP Security official website:

  • WP Official Website: http://wordpress.org/extend/plugins/better-wp-security/

2. You can install Better WP Security directly from the WordPress back end, or download it from the official website and then upload and install the plug-in.

3. The first time you run Better WP Security, you are prompted to back up the database. The backup is sent to your administrator's mailbox.

4. The second prompt asks whether to allow Better WP Security to modify WordPress core files. The author chose "No"; decide according to your own needs.

5. The third option lets you enable security protection with one click or customize the security settings.

6. If you choose custom security settings, you are redirected to the status page, which shows some of your current WP security problems. Click "Click here to fix" next to a security problem to fix it.

II. Better WP Security: blacklist, scheduled backup, secure paths, and login count limit

1. Better WP Security has a blacklist function. You can block certain IP addresses or search engines from accessing your WordPress site.

2. The scheduled backup function automatically backs up WP and sends the backup files to your administrator's mailbox.

3. The secure path function lets you change the login, back-end, registration, and other paths of your WordPress site, so that strangers cannot easily reach them to guess the user name and password.

4. The Better WP Security login count limit is a good way to deal with brute-force cracking of the WordPress back-end control panel. Once the number of failed back-end logins exceeds the specified number, the IP address is blocked and can log on again only after a period of time.

III. BulletProof Security: a powerful WordPress security plug-in

1. Official website of BulletProof Security:

  • WP Official Website: http://wordpress.org/extend/plugins/bulletproof-security/

2. BulletProof Security is a WordPress security plug-in similar to Better WP Security described above. It is powerful, easy to operate, and can be enabled with one click.

3. In BulletProof Security you can view the security status of your WP under Security Status.

IV. Problems arising from the use of WordPress security plug-ins

1. WordPress security plug-ins mostly enhance WordPress security by modifying the wp-config.php and .htaccess files.

2. When such a security plug-in is uninstalled, the changes it made must be cleaned up; if they are left in place, they are likely to cause WP runtime errors.

V. Use .htpasswd to protect the WordPress control panel

1. Installing a WordPress security plug-in is a simple and quick way to enhance WordPress security. It is especially suitable for beginners who are "lazy" or not very familiar with working in code.

2. Generate the .htpasswd content online:

  • 1. htpasswd generation: http://www.htaccesstools.com/htpasswd-generator/
  • 2. It is difficult to create a file with the .htpasswd extension in Windows. You can download a .htpasswd file instead:
  • http://up.2cto.com/2013/0417/20130417124547251.zip

3. On the .htpasswd online generation page, enter the user name and password.

4. After submitting, you get a string of code.

5. Copy the code into your .htpasswd file and save it. If you do not have the file, create one yourself. Upload it to the root directory of your website.

6. Add the following code to the .htaccess file in your wp-admin directory. If the file does not exist, create it.

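    # wp-admin/.htaccess: require HTTP Basic authentication for this directory
    AuthUserFile /home/wwwroot/freehao123/public_html/.htpasswd
    AuthType Basic
    AuthName "restricted"
    # Every host is denied, so with "Satisfy any" a valid login is the only way in
    Order Deny,Allow
    Deny from all
    Require valid-user
    Satisfy any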

7. AuthUserFile is the absolute path of your .htpasswd file. Change it to your own path.

8. When someone tries to access your wp-admin directory, a prompt asking for the user name and password pops up.

9. In the author's testing, if all files in the wp-admin directory require verification, the verification prompt also appears when visiting the WordPress front end.

10. The likely cause is that WordPress front-end pages call some files in the wp-admin directory, which triggers the verification prompt. The solution is to specify in .htaccess which file requires verification.

11. Put the following code in the .htaccess file in the root directory of your website to require verification for access to wp-login.php.

    # Site-root .htaccess: require a login only for wp-login.php
    <Files wp-login.php>
    AuthUserFile /home/wwwroot/freehao123/public_html/.htpasswd
    AuthType Basic
    AuthName "restricted"
    Order Deny,Allow
    Deny from all
    Require valid-user
    Satisfy any
    </Files>

12. If you want to protect other files, replace the file name with your own.

VI. WordPress brute-force cracking prevention: summary

1. The simplest way to prevent WordPress brute-force cracking is to install a WP security plug-in: it gives comprehensive protection and does not require modifying code. Generally, wp-config.php and .htaccess are set to 755 so that they can be read and written.

2. .htpasswd can be used to require a user name and password for access to a specific page, not only on WordPress but also on other blogs, forums, and other programs.

Article by: free resources tribe http://www.freehao123.com/
