Bulletproofing Your WordPress Site Against A Brute Force Attack

Security, WordPress

A brute force attack involves trying any and all combinations of commonly used passwords to gain access to an account or access to the administration section of your WordPress site. WordPress is one of the most commonly used frameworks for building websites today. Therefore, it should be no surprise that it is also one of the most commonly hacked as well. We believe that this threat warrants a list of tips, that when used, can thwart any attempts to gain access to your website.


Managed Hosting Services Get more information on Managed Services and keep your WordPress site secure.


How can you protect yourself against these type of attacks on WordPress?

    Once you have installed WP on your account, you will want to log into it by visiting Here you will be asked for your username and password to access the administration section. Navigate to the ‘Add New’ User section found at Although the WordPress minimum requirement is only 7 characters, Lunarpages recommends passwords of at least 12 characters. You will also want to be sure to select Administrator as the role for this new user from the dropdown menu at the bottom.Once you have created this new user, navigate to, hover over the original Admin user and select ‘Delete’. If you have posts that were created by the ‘Admin’ user, you will be asked what you want to do with them when you are deleting this user. These posts are commonly re-assigned to the new user you just created.
    You will want to update your new user’s password every 90 days. Be sure to keep a record of passwords used, and do not repeat them. Always create new passwords when updating. We list deleting the admin user and updating passwords regularly as the most important factors since these are the main focus of a brute force attack. Do not use passwords like: admin, admin123, administrator, pass, password, password1, passwd, root, qwerty, q1w2e3, 000000, 123456, 987654321. If you are having trouble creating a strong password, consider a service such as those found at and Additionally, if you have multiple users on your website, either set up a schedule for all to see that requires regular updates to passwords or let them know that you will be making the updates and will provide them with new ones regularly.
    There are a number of quality plugins that you can take advantage of for free from Here is a short list to get you started:

    Found in all control panels available through Lunarpages, password protecting your login page is another secondary effort that you can make. Look for the following icons in your control panel.
    We realize that building a website can be difficult. For those that need to focus on running their business, or simply do not have the time needed to stay on top of updates, we offer our Managed Hosting services to all levels of hosting plans. For more information how Managed Hosting can help your site and free up valuable time for you, please visit  Managed hosting.
Share Article

Related Articles

Getting Your Business Online with WordPress

Every business needs a website and WordPress is an easy way to get take your business online.

Read Article

How To Use Hidden WordPress Shortcodes

You may have heard about all the nifty things you can do with ‘shortcodes,’ like embedding files or creating objects. Shortcodes were introduced in…

Read Article

Step-by-Step Guide To WordPress Theme Installation

Don’t know much about coding, web design and development but want to showcase your business online? You’ve come to the right place. After reading…

Read Article