Since beginning our farm website I’ve relied on some basic best practices and the little fish, big pond theory of security. The theory being, what could someone possibly want with a little farm website when there are so many bigger, better sites out there that would make better hacking targets.
My first introduction to unwanted outsiders was when I started getting comments on my posts from spammers. We had 25 people a day hitting the site but I’d have 50 comments in one day, all spam. Some quick research revealed that Akismet was the preferred plugin for WordPress to control the spam and it has worked flawlessly since day one. Finding that there was such a problem, and that the solution was so simple was a wakeup call to me that I had to be more informed about WordPress. I did a search of WordPress podcasts and after trying out several I settled onto Kim Doyal, The WordPress Chick. I listen to her podcasts along with my normal rotation of other podcasts and try to pick up tips on how to run our farm website. Recently Kim ran through some of her favorite plugins and she recommended Brute Protect to protect your website against brute force attempts to hack you administrator account. Now I felt like my password was pretty secure and I hadn’t had any problems with being hacked so I’m probably ok. But Kim really recommend we protect ourselves so I decided to install Brute Protect just to be safe. The way Brute Protect works is it’s a collective group of sites that are protected. Whenever one site is hacked or attempted to be hacked, the IP address of the hacker is recorded and all the other sites are automatically updated with that IP address. If that IP address then tries to access another WordPress site, Brute Protect block their ability to log in, even if they correctly have the password. Sounds good. I didn’t need it, but it was a free plugin and what could it hurt. I installed Brute protect earlier this week. Today I pull up my dashboard and see this.
As you can see, Brute Protect has 101,475 WordPress websites in the network. What’s especially interesting is that already this week it has stopped 11 “attacks” on our website. I don’t know what constitutes an attack but I have to assume that at a minimum someone from a blocked IP address tried to access the website. Someone from a blocked IP address isn’t stopping by to buy beef so as far as I’m concerned this plugin is gold. If you are on WordPress, Brute Protect should be on your website.