I have been blogging for many years and this blog has generated strong traffic of 20,000 readers per article on a monthly basis.
However, no matter how much I enjoy blogging but there are pros and cons.
Pros: you can use a blog as a platform to express yourself, it will develop your creativity. Once you have traffic, you can leverage it by collaborating with brands and hence, a good source of monetization.
Cons: when your blog becomes searchable it also attracts threats, especially from the hackers who are both from hacker companies and bots.
Why do they want to hack your account?
It is quite simple, once your platform is hacked you won’t have access to the admin. You will be redirected for payment for ransom to return your website.
In my experience, there is no single week that I don’t receive a financial threat from “strangers”. Some threaten me that they will access all my accounts in 24-hours and in order to prevent it, I have to pay in advance which is a no-brainer approach, to be honest. Others, have attempted to log-in to my blog admin quite a number of times but failed.
How to protect your website from hack attempts?
There are a few ways and I will share with you the simplest steps.
Install A Plugin Called “Wordfence”
Go to your WP dashboard >> new plugin >> install “Wordfence” and go to settings.
Wordfence login security contains a subset of the functionality found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection, and Login Page CAPTCHA, which means you can control the authorization of log-in by two-factor authentication (2FA).
Once it is enabled, an unauthorized log-in will be required to key-in the OTP code that is sent to your authenticator app on your phone.
It is completely free to use, with no limits or restrictions of any kind.
If there is any attempt to your site, the hacker won’t have access and he or she will be blocked automatically. Hence, the hacker will be required to access with different IPs. Let alone make the hacker tired from tiring to key-in. 🙂
Protect your WordPress Admin Area.
To completely block access right from the URL of your domain.com/wp-admin, you can restrict the access through the admin area in the Cpanel.
The best you can do is to get your home/work IP address (check your IP here at whatismyip.com) and add these lines to the .htaccess file in your WordPress admin folder replacing xxxxxxx with your IP address.
<Files wp-login.php> order deny,allow Deny from all Allow from xx.xxx.xxx.xxx </Files>
Then save it.
Go to your website’s Cpanel >> File Manager >> Public_html/wp-admin (folder) and then click the .htaccess.
Click create code folder and you will see this screenshot.
Type the code. The allow from means, your IP address.
As result, an unauthorized IP address won’t even be able to type your URL/wp-admin. If they do, a forbidden error page will be displayed because you control the permission with an FTP in your control panel.
Blog with confidence make sure you secure the admin access both in your WordPress account and control panel.