I'm Just Sharing

Posted by Mitch on Dec 16, 2009

One of our new friends around here is Udegbunam Chukwudi, and he writes a blog called StrictlyOnlineBiz.com. I followed one of his links to his blog to take a look around, and I think he writes a pretty nice blog, so I hope you check it out.

One of his posts was called Secure WordPress Plug-ins, and he gave us 10 WordPress plugins to help us make our WordPress blogs secure. The first one is the one that caught my eye.

The plugin is called Limit Login Attempts, and its purpose is to dissuade those bad folks who know how to write software that can take its time in trying to break both your username and password. As I keep coming across more and more folks who have had their blogs cracked, including some of the big boys, I read that what happens is these weasels somehow figure out your username and password, get into your blog, and that’s that folks.

It made me remember that two of our other friends had their blogs hacked. Peter Lee had written about it last year, though it may not have been the same way, and Yan of Thou Shall Blog also had his blog hacked, and they did figure out his username and password.

The thing is, most of us are too lazy to change our username from Admin. I know I’m bad at this, yet I keep thinking my password is unique enough that it should protect me. But if someone automates software, then I’m gone just like many other people would be. Thus far, the best thing about not having thousands of subscribers is that I figure I’m still under the radar. Then again, I bet Yan and Peter both thought the same thing at the time.

I decided it was time to add a bit more protection to my blogs, so I went to that page, read about this plugin, and decided I liked what it had to offer. The download takes almost no time, and I uploaded it to all my blogs at the same time. But I tested it on this one, just to make sure it wouldn’t mess up my dashboard; it didn’t.

You get to make a couple of decisions with your settings. The first is how many login attempts you’ll allow before it shuts down for a certain number of minutes. It’s defaulted to 4, so I left that alone. The second is how long you want to make people wait before they can try it again. The default is 20 minutes, and I kicked that up to 30 minutes. The next 3 I left alone because I have absolutely no idea what any of it means. The last thing is after how many tries you want to be notified that someone has failed to login. It was defaulted to 4, and that made sense so I left it alone.

I now feel that I have an extra layer of protection, and that will help me sleep better. Of course it’s no substitute for making sure to back up your blog every once in awhile, but it does give an bit more peace to my mind. I think it’s a good idea; y’all should take a look at it yourselves.

Tags: Blogging, passwords, plugins, Wordpress

31 Comments »

Mike:

Limiting login attempts is a great idea. Most forums and many websites already have this feature installed for the protection of the users, but it’s something we don’t often think about when it comes to our own blogs. I think this will definitely help reduce the chances of an intrusion.
Mike´s last blog ..Atlanta Movers

Mitch Reply:
December 16th, 2009 at 3:40 PM

I hope so, Mike. In any case, I feel a little safer, I must admit.

December 16th, 2009 | 1:05 PM

Anne:

My username isn’t Admin, but I probably should look at this plug-in. Not that I have that many loyal readers to cause a stir, yet, those email viruses and other hacks don’t always make sense on who they attack either. Besides, I have a password program so I don’t have to worry about being locked out.
Anne´s last blog ..New Theme & Image Issues Abound

Mitch Reply:
December 16th, 2009 at 11:09 PM

You know Anne, I was just lazy and left it like that when the program was set up. All my passwords are different, but otherwise, I just left it alone, and I know I’m not the only one.

Anne Reply:
December 17th, 2009 at 10:34 PM

I think mine asked me for a username or else I’m sure I would have left it as Admin. I don’t think it’s lazy, just convenient.
Anne´s last blog ..Let it Snow, Let it Snow, Let it Snow ~ Please

December 16th, 2009 | 10:20 PM

Kikolani:

Sadly, I’d probably mess up my own security on the limited number of login attempts, because I have been managing multiple sites with different password variations, and I confuse myself sometimes. Otherwise, not a bad idea at all.

~ Kristi
Kikolani´s last blog ..Ultimate Freelance Resources – 100+ Links to Freelance Jobs, Blogs, Podcasts, Guides & More

Mitch Reply:
December 16th, 2009 at 11:28 PM

You’re killing me, Kristi! Actually, using Firefox, it remembers all my passwords, so I don’t worry about it.

December 16th, 2009 | 11:03 PM

Rose:

Mitch thank you for introducing us to Udegbunam Chukwudi’s blog and Limit Login Attempts. Sounds like a great plugin.
Rose´s last blog ..10 Christmas themes for Blogger

Mitch Reply:
December 16th, 2009 at 11:29 PM

It is, and I’m glad you like his blog. I think it’s pretty neat.

December 16th, 2009 | 11:18 PM

DeAnna Troupe:

Mitch, thank you for posting the link to that blog post. I’m in the process of installing some of these plugins now.
DeAnna Troupe´s last blog ..Listen To Denise J Hart (motivationmama) Interview Me About Being A Creative Entrepreneur

Mitch Reply:
December 16th, 2009 at 11:29 PM

No problem, DeAnna; I hope it works well for you.

December 16th, 2009 | 11:22 PM

Peter Davies:

Thanks Mitch – As ever a source of useful information – this one didnt even cross my mind – there are some sad people around!
Peter Davies´s last blog ..Does anyone have any knowledge regarding worldprofit.com?

Mitch Reply:
December 17th, 2009 at 8:15 AM

For sure Peter, and it was a fluke I came across it.

December 17th, 2009 | 4:52 AM

The Almost Millionaire:

Mitch,
This is a good one man! I’ve often feared having someone try to hack my wordpress based blogs due to lack of security. Not that my blogs are worth hacking, but you never know who you may have ticked off online.
Happy holidays!!!
-TAM
The Almost Millionaire´s last blog ..Email links – the devil is in the detail!

Mitch Reply:
December 17th, 2009 at 8:16 AM

No problem, and where the heck have you been anyway? I noticed you hadn’t been writing much on your blog.

December 17th, 2009 | 5:47 AM

Dennis Edell:

I’ve thought about this but was always afraid I’d get caught in it if I forgot my stuff. LOL
Dennis Edell´s last blog ..Pick My New Domain Names With A chance To Win $10!

Mitch Reply:
December 17th, 2009 at 12:25 PM

You folks and your passwords are killing me, Dennis! lol I have a file on my computer and backed up on my external drive that has every username and password I have for every site. Never a problem for me.

Dennis Edell Reply:
December 17th, 2009 at 9:45 PM

Something like Roboform, or just a notepad type file?
Dennis Edell´s last blog ..Pick My New Domain Names With A chance To Win $10!

Mitch Reply:
December 17th, 2009 at 10:05 PM

Nothing fancy, Dennis, just a regular Word file with a nondescript name that only I know.

Dennis Edell Reply:
December 19th, 2009 at 3:56 PM

Yep I got a few of those myself. lol
Dennis Edell´s last blog ..Pick My New Domain Names With A chance To Win $10!

December 17th, 2009 | 10:29 AM

While plugins like Limit Login Attempts help secure your WordPress blog, you still have to look into stuff like a) changing passwords regularly, b) removing the admin username, and c) regularly updating your WordPress software and related plugins. Security is a process, not a result.
DailyManila´s last blog ..There’s no such thing as a hack-proof WordPress blog

Mitch Reply:
December 17th, 2009 at 12:25 PM

There is always that, DM, and I’ve thought about it, but just haven’t done it. I figure I’m going to have to address that one of these days, for sure.

DailyManila Reply:
December 17th, 2009 at 7:35 PM

Hi Mitch. Thanks for the comment on my blog. As always, I make it a point to stress how important security is. Don’t wait for something to happen, do it now Good luck!
DailyManila´s last blog ..There’s no such thing as a hack-proof WordPress blog

December 17th, 2009 | 10:42 AM

Udegbunam Chukwudi:

Mitch, there were 6 plug-ins not 10 . I strongly suggest you reset the email alert to one cos you never can tell, it could take the fourth attempt to get access into your blog.

Thanks for the mention.;-)
Udegbunam Chukwudi´s last blog ..Nigerians Get Payoneer Prepaid MasterCard Free!

Mitch Reply:
December 17th, 2009 at 2:53 PM

I hadn’t thought much about it, Udegbunam, but for most people, setting it at 1 will lock them out without knowing another way to get it. Maybe 3; even the banks and credit card sites set it at 3.

And I’m glad to give you the shout out.

December 17th, 2009 | 2:16 PM

Sire:

Yeah Mitch, why wouldn’t you want to know after the first failed attempt. It’s not like you’re going to forget your own password now is it? If not one, at least 2, in case you miss key the password.
Sire´s last blog ..Of Gary Vaynerchuk And His Belief That You Can Cash In On Your Passion

Mitch Reply:
December 18th, 2009 at 5:40 AM

Actually Sire, I don’t want to take the chance that I might mistype something if I’m not on my own computer at home. With Firefox, I’m covered, but elsewhere, it could be critical for me to get in, and I don’t want to have to wait 30 minutes just to get into my own site.

December 18th, 2009 | 2:26 AM

Internet Home Business:

Hi Mitch,
Thanks for making me cringe thinking about my blog hack.Although it didn’t quite qualify as a real hack, the fear is always there as I’ve been also hacked on my email account right before my very eyes. There are just too many people out there who choose to use their good skills for the wrong purpose. There is never enough protection for anything nowadays. But your plugin sounds good to take a look.
-Peter
Internet Home Business´s last blog ..My Google Adsense Crossed $100/mth: 7 Things I learned

Mitch Reply:
December 18th, 2009 at 11:59 PM

Didn’t want to make you cringe, Peter, but it just stuck in my mind when it happened to you and Yan, and when I learned about this plugin I just needed to tell everyone about it. Speaking of things, have you ever upgraded your WordPress? I see above in my Admin that they’re just releasing 2.9.

December 18th, 2009 | 10:40 PM

Internet Home Business:

No Mitch, since that last failed upgrade attempt I have never tried to do any more upgrades. I’m happy with my old version and just don’t want to take any risk doing so. I can live without the new features, if any. Like they say “if it ain’t broken don’t fix it”.
Internet Home Business´s last blog ..Challenges Of Starting A Blog

Mitch Reply:
December 19th, 2009 at 2:38 AM

Then you definitely need to use that plugin, and you should check out the others that were in this post, though with you using the older version they might not all work for you. The reason I upgraded to 2.8.4 to begin with was suddenly there was a rash of blogs being hacked, and some of them were major players who decided not to upgrade. I’m just not taking that kind of risk.

December 19th, 2009 | 2:28 AM

Leave a Reply; please see comment policy if this is your first visit.

Limit Login Attempts

Posted by Mitch on Dec 16, 2009

31 Comments »

About

Subscribe To Feed Here!

Subscribe To Feed By Email

Meta

Product Pages

Other Blogs Latest Posts

Blogroll

Business

Forums

Marketing Sites

Reviews/Opinions

Archives

Categories