![\"Hello](\"http:\/\/www.crimsondesigns.com\/blog-images\/website-hacker-at-work.jpg\")
<\/p>\n<\/p>\n
<\/p>\n
Picture yourself at a party.<\/p>\n
Someone\u00a0walks up to you and says, \u201cHello. My Name is Admin.\u201d<\/strong><\/p>\n Of course, it sounds absurd. You would probably\u00a0burst out laughing.\u00a0No one would ever name their child \u201cAdmin,\u201d<\/strong> you think to yourself.<\/p>\n It would be unheard-of. It would be cruel. They would be the butt of every joke.<\/p>\n Now picture that same party where “Admin”<\/strong> naively walks up to a hacker. Not only would the hacker not find the name to be absurd, the name would be absolutely intriguing. \u201cTell me more,\u201d<\/strong> the hacker would say, leaning in with his undivided attention.<\/p>\n In reality, Admin is not a real name (hopefully), but it is used ridiculously often as a username to log into a website… \u00a0especially a WordPress website.<\/p>\n If you\u2019re a business owner with a\u00a0WordPress website,<\/a> are you familiar with the usernames you have listed in the Dashboard? Be honest. Have you been to your website lately? Have you logged into your WordPress Dashboard<\/a> in the past month\u2026 or do you leave that job to someone else?<\/p>\n Gosh. That hacker you met at the party seemed like a nice guy. He probably didn\u2019t say, \u201cHello. My Name is Hacker\u201d<\/strong> to clue you into his malicious intentions.<\/p>\n How could you possibly have known\u00a0that he went straight to\u00a0his computer after the party, found your website and hacked into it while you were sleeping? Sadly,\u00a0you woke up the next day and still knew nothing about it.<\/p>\n A \u2018brute force\u2019 login attack is a type of website attack used to gain access by guessing the username and password over and over again. A website may be\u00a0systematically bombarded with username and password combinations until a successful login occurs.\u00a0The hacker often runs a script that uses\u00a0automatically generated passwords at a rate of thousands of times per minute.<\/p>\n WordPress websites are often targets of Brute Force Attacks for the mere fact that WordPress is a popular CMS. Being popular, makes it an enticing target for hackers.<\/p>\n Read WordPress Brute Force Attacks are at An All-Time High<\/a>.<\/p>\n What is the purpose of a Brute Force Attack? Brute force attacks are typically carried out to gain access to websites for the purposes of data theft, vandalism, or the distribution of malware.<\/p>\n Malware is an abbreviated term meaning \u201cmalicious software.\u201d<\/strong> This software is designed to gain access to or damage a computer without the owner’s knowledge. These days, malware is often created for profit. The hacker may change the content of the site (to add spam), or create\u00a0additional pages, usually with the intent of phishing. Malware can be used to open pop-up ads, redirect the visitor to pages with viruses or steal personal information. Some hackers may even take administrative control over a hacked site.<\/p>\n Your visitors can suffer consequences from a malware attack on your site, and your business reputation may also suffer.\u00a0But you can take some simple steps right now to protect your website, your visitors and your company.<\/p>\n You should log into your WordPress Dashboard right now to check the usernames.<\/p>\n Do you use\u00a0\u201c123456\u201d<\/strong> or \u201cpassword\u201d<\/strong>\u00a0as the password to your business website? How about \u201cbaseball,\u201d<\/strong> \u201cdragon,\u201d<\/strong> \u201cmonkey\u201d<\/strong> or \u201csunshine.\u201d<\/strong> You are not alone.<\/p>\n Hello Hackers. My password is \u201cmonkey.\u201d<\/strong> Come on in. Ready to change your password?<\/strong><\/p>\n Try using a combination of lowercase and uppercase letters along with numbers and symbols.<\/p>\n While you\u2019re in your Dashboard, you should probably take a look at your Plugins. (Look for the Plugins link… near the Users link.)<\/p>\n Do you have any\u00a0security Plugins installed in your site? No. Then that is your third task.<\/p>\n Your security plugin will monitor your website for you and notify you if your website is the target of a Brute Force Attack.<\/p>\n Try All In One WordPress Security Plugin<\/a>, or\u00a0Wordfence<\/a>.\u00a0Plugins such as these will help protect your WordPress site from viruses, malware and hacking attempts. They\u00a0also have login security options available such as locking users out due to numerous\u00a0failed logins.<\/p>\n Google has launched a service that blacklists hacked websites and warns users before they visit these suspicious sites. If your site has been blacklisted, Google will display the message \u201cThis site may harm your computer\u201d<\/strong> in its search results. Chances are that your site contains malware.<\/p>\n Also read: Blacklisted by Google<\/a>\u00a0and\u00a0How I Cleaned Up My WordPress Site after It Was Hacked and Blacklisted.<\/a><\/p>\n If so, you\u2019re in luck. It is so much easier to do these simple steps, than it is to clean up your website and save your reputation.<\/p>\n If your real name is Admin, you can laugh it off and blame your parents. But if your username is Admin, it\u2019s no laughing matter.<\/p>\n","protected":false},"excerpt":{"rendered":" If you are a small business owner with a WordPress website, this tutorial is for you. WordPress websites are often targets of Brute Force Attacks for the mere fact that WordPress is a popular CMS.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,3,10],"tags":[307],"class_list":{"0":"post-4090","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-dash-of-humor","7":"category-small-business","8":"category-wordpress","9":"tag-website-security","10":"cat-4-id","11":"cat-3-id","12":"cat-10-id"},"_links":{"self":[{"href":"https:\/\/www.crimsondesigns.com\/blog\/wp-json\/wp\/v2\/posts\/4090","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.crimsondesigns.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.crimsondesigns.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.crimsondesigns.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.crimsondesigns.com\/blog\/wp-json\/wp\/v2\/comments?post=4090"}],"version-history":[{"count":3,"href":"https:\/\/www.crimsondesigns.com\/blog\/wp-json\/wp\/v2\/posts\/4090\/revisions"}],"predecessor-version":[{"id":7724,"href":"https:\/\/www.crimsondesigns.com\/blog\/wp-json\/wp\/v2\/posts\/4090\/revisions\/7724"}],"wp:attachment":[{"href":"https:\/\/www.crimsondesigns.com\/blog\/wp-json\/wp\/v2\/media?parent=4090"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.crimsondesigns.com\/blog\/wp-json\/wp\/v2\/categories?post=4090"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.crimsondesigns.com\/blog\/wp-json\/wp\/v2\/tags?post=4090"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Not sure. Then prepare for a Brute Force Attack.<\/h4>\n
What is a Brute Force Attack?<\/h3>\n
What is Malware?<\/h3>\n
1) First things first. Don\u2019t call yourself Admin.<\/h4>\n
2) Don\u2019t Use Easy-To-Guess Passwords Either.<\/h4>\n
\n<\/strong><\/p>\n![\"WordPress](\"http:\/\/www.crimsondesigns.com\/blog-images\/WordPress-login.jpg\")
Since you\u2019ve already logged into your WordPress Dashboard, you can click on the “Users”<\/strong> link. (Then click on your username, scroll down the page, and enter a new password.) It will take you less than a minute.<\/p>\n3) Add a Security Plugin to your WordPress site.<\/h4>\n
Has your site already been hacked?<\/h3>\n
![\"hello](\"http:\/\/www.crimsondesigns.com\/blog-images\/hello-hacker.jpg\")
Visit\u00a0Google’s Help for Hacked Sites<\/a> to learn more about Google\u2019s process for marking sites as malicious.<\/p>\nBut hopefully, you\u2019re reading this tutorial first… before you\u00a0walk into that party and shake the hacker’s\u00a0hand.<\/h4>\n