Stop Spam Registration / Log-in Guess on Your WordPress Blog


How to Stop Spam Registration, Comments and Log in Attempts on Your WordPress Blog

Recently I moved my blog from sub-directory to the root directory thinking that will amount to a great user experience and fast loading, to my greatest surprise that even became a strong headache to my server as I started noticing an accelerated users activities in my blog including many users trying to log in using several guessed usernames. Several attempts were made including admin name from single IP addresses. I was puzzled at first and quickly needed a solution that will drastically demystify my ambiguity.


How to Stop Guessed User Name Log in On Your Blog

Most newbie hackers spend most of their times trying to figure out tools and scripts that will enhance their hacking progress and will always prey on blogs that refuses to properly secure their website against such attempts. Guess log in has been a long aged practice right from the good old days of ICQ & forum where people employ malicious tools to guess users password when they have already gotten the username and in the case of WordPress we are not ignorant of the default username which is admin . Although the default admin username can be easily changed to something unique still most WordPress users prefer leaving it the way it is which isn't a brilliant practice. Now to force stop malicious users / hackers from guessing several log in details to access your site you can install the two plugins onn your WordPress blog.

1. Wordfence: Wordfence gives you solid features you can trust for the overall security of your WordPress site, but for the sake of this tutorial we will solely focus on how to use Wordfence to stop malicious users from guessing users / admin details . To achieve this, first download the plugin from the download link above and install it by uploading to your plugin directory or simply search for Wordfence from your WordPress plugin install window, install it, activate it and navigate to options after inserting your Wordfence API key. Scroll down to where you have Log in Security Options and set those option there to what you think will discourage such automated users / script as seen below.
wordpress-security
You can now see how easy it is to stop such annoying and useless loads on your server.

2. WP Login Security : Although this plugin has been existing for a very long time, still many users seem like not noticing how effective it can be specially for new bloggers who know little about great measures for securing their WordPress blog. Imagine a situation where you mistakenly gave out your log in details to a malicious person or probably some one manages to guess / hack your admin log in details. At this point you will be like Oh my God What have I done to Myself! Yeah everybody does this but not same for many of us who take blogging seriously. With this plugin you will be having a two way verification for new admin log in from a different IP address making it difficult for that malicious user who has the details to use it as he has to confirm the new IP address from your admin email. The plugin needs not much settings all you need do is download WP Login Security from the link provided above or search it from plugin install section in your blog and install and activate it. Then go to Settings==>wp-login-security from your admin dashboard and customize the plugin at admin /superuser ==> add your IP to the white list.

How to Stop Mass / Spam Registration on Your Blog
The same day I moved my blog to the root directory of my site I was having like 180 users already signed up and logged in to my blog. I was like Oh my God where the hell is the users registering from?? Because I didn't drop anything like log in / admin link on my blog , that's when I recalled that this could be bots / malicious scripts that I need to prevent from accessing my site as soon as possible. To be sure of this I have to double check their host domain / IP addresses which didn't surprise me as all the registrations were coming from somewhat xxxxxxx.pl Then I had to prevent this by Installing a single wp-captcha plugin ==> navigated to BWS Plugins from my admin dashboard ==> Clicked on captcha to set the needed preference except the comments where I used a less stressful plugin.

These tips will help protect your WordPress blog from spam log in, guessed account log in and hacking your account using password recovery etc. So never ignore the security of your WordPress blog and take steps forward to protect it against any possible risk. Good luck!

obasi-miracle
About Author: I am just me, Obasi Miracle, a technology expert and a crazy fellow this explains my reason for being so crazy about ict which led me to creating a Science & technology forum where I handle all issues relating to IT support, general information and communication technology.

Labels: , , , , ,