Most hack attempts on your website will be randon. However last week our website was subject to a targeted attack. We are very glad we have adequate security installed. Those attempts failed.
iThemes enables us to ensure anyone trying to log in as ‘admin’, the default user name, is immediately blocked. Most random attacks start here. I can choose how many times a user is locked out before being permanently banned from my website. That means that any person repeatedly trying to login in to my website and failing will be prevented from trying again from that IP address (the unique identifier associated with a computer or network).
This is important because most attacks are ‘brute force’, they are trying to guess the User Id and Password. Automated attempts can try thousands of combinations in a short space of time. iThemes helps you stop these in their nasty little tracks. They even provide you with a list of known bad IP addresses to start you off.
Sometimes nasty people will search your site for a page to exploit. iThemes takes care of this too. It lets you set the number of attempts allowed before locking out the offender. It records all these failed attempts (404 detection) so you can see in the log what pages have been searched for that don’t exist.
One feature I particularly like is the ‘Away Mode’. This means I can choose the time of day when my administration system is available. So, in the middle of the night, when I’m snuggled up in my bed, I know the login screen isn’t available. Since the targeted attacks on my website took place late evening I altered my ‘away’ times accordingly. Yes this means there are times of day when I can’t login to my own admin system but then again I should be spending that time with my family!
There is a lot more to iThemes but I think these points are enough for me to recommend you install at least the free version on your WordPress website. I’m glad I did. I want to give a shout out to the lovely Kimberley Castleberry who recommended iThemes to me some years ago – good call Kim.
Please never think “my website isn’t important enough for somebody to try to hack”. Any website anywhere in the world can be a target, either of random attacks, or if like me you inadvertantly upset somebody, a targeted attack. Protect your investment.