Every day, bots and scripts crawl the web attempting to gain admin access to websites driven by content management systems (Drupal, WordPress, Joomla, etc.). Are you using a tool that can help you stay protected?

We monitor many websites for hack attempts with multiple systems and in multiple ways, one of which is monitoring failed login attempts. If you are running a Drupal, WordPress, Joomla or any other content management system-driven website, chances are there are bots or scripts attempting to log in to your site over 100 times per day.
 
Why should you care? If your username is admin and your password is a dictionary word, then you are allowing these scripts to use dictionary-driven attacks on your site and, at some point, there is a high likelihood they might be successful and gain administrative access. Once that happens, they can take full control of your website and do any number of things, from defacing your website to serving malware to users who visit it.
 
In order to mitigate your chances of falling victim to this particular attack, our tip of the month is an .htaccess change that will restrict access to your website’s admin login to specific IPs. 
 
To give this tip a try, open up .htaccess in the root of your website and add the following (WordPress): 
 
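<IfModule mod_rewrite.c>
RewriteEngine on
# Match requests for the login script or the bare wp-admin URL ...
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
# ... that do not come from an allowed IP (replace these placeholders with your own addresses).
RewriteCond %{REMOTE_ADDR} !^111\.111\.111\.111$
RewriteCond %{REMOTE_ADDR} !^111\.111\.111\.112$
RewriteCond %{REMOTE_ADDR} !^111\.111\.111\.113$
# Leave the URL unchanged ("-", a plain hyphen) and answer with 403 Forbidden.
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>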
 
This tip should help prevent bots from accessing the WordPress login URL and will be one more tool in your toolbox for securing your WordPress website. 
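
One way to check from the Apache access log that the rule is doing its job, as an added example (not New Target's code): it counts requests to the protected URLs from addresses outside the allowlist and lists any that were not answered with 403. The log lines are constructed, the allowlist reuses the placeholder IPs from the rule, and Apache's common/combined log format is assumed.

```python
import re
from collections import Counter

# Assumption: the same placeholder allowlist as the .htaccess rule above.
ALLOWED = {"111.111.111.111", "111.111.111.112", "111.111.111.113"}

# Apache common/combined log prefix: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def is_protected(path):
    """Mirror the rule's two URI conditions; REQUEST_URI excludes the query string."""
    uri = path.split("?", 1)[0]
    return "wp-login.php" in uri or uri.endswith("wp-admin")

def audit(lines):
    """Return (attempts per outside IP, lines where an outside IP was not refused)."""
    attempts, leaks = Counter(), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _method, path, status = m.groups()
        if not is_protected(path) or client in ALLOWED:
            continue
        attempts[client] += 1
        if status != "403":
            leaks.append(line)
    return attempts, leaks

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [10/Mar/2024:06:25:01 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "constructed-agent"',
    '203.0.113.7 - - [10/Mar/2024:06:25:02 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "constructed-agent"',
    '198.51.100.23 - - [10/Mar/2024:06:30:10 +0000] "GET /wp-login.php?action=lostpassword HTTP/1.1" 200 2841 "-" "constructed-agent"',
    '111.111.111.111 - - [10/Mar/2024:07:00:00 +0000] "POST /wp-login.php HTTP/1.1" 302 - "-" "constructed-agent"',
    '198.51.100.23 - - [10/Mar/2024:07:05:00 +0000] "GET /wp-admin/ HTTP/1.1" 302 - "-" "constructed-agent"',
    '203.0.113.7 - - [10/Mar/2024:07:06:00 +0000] "GET /blog/ HTTP/1.1" 200 5120 "-" "constructed-agent"',
]

if __name__ == "__main__":
    attempts, leaks = audit(SAMPLE)
    for ip, count in attempts.most_common():
        print(f"{ip}: {count} request(s) to protected login URLs")
    print(f"{len(leaks)} request(s) from outside the allowlist were not refused:")
    for line in leaks:
        print("  " + line)
```

The request for /wp-admin/ with a trailing slash is skipped because the rule's second condition only matches a URI that ends in wp-admin.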
 
As a related tip, we recommend changing the default admin username from “admin” to a long phrase or string that is not the website’s name.
 
There is not one silver bullet for protecting your website, so it’s important to deploy every tip that’s practical to keep your website safe and secure. If you are looking to host securely, maintain, and support your website with experienced developers and engineers at an experienced web development and web maintenance firm, consider New Target. We would be glad to assist you in accomplishing your goals and maintaining your online systems.