You escaped the end of the Mayan calendar and are no doubt looking forward to 2013. Your WordPress site, however, might not be so lucky. Doomsday could be right around the corner, lurking in the darkness of the internet, waiting to hack and exploit your /wp-admin area. Brute force login attempts and lousy passwords can make even the most sophisticated website susceptible to destruction. In an instant your site could be turned into a Canadian pharmacy or Russian dating site.
You can avoid this kind of doomsday scenario by upping your security with Apocalypse Meow. This lightweight collection of tools protects the WordPress admin area with features like password strength requirements and brute force login prevention.
Here’s what Apocalypse Meow does to lock down your admin area:
- Brute-force log-in protection: temporarily disable and replace the log-in form after a specified number of failures are detected.
- Specify minimum password requirements for users to ensure nobody chooses something stupid like “password123”.
- See a complete history of log-in attempts, successes, and bans; optionally downloadable in CSV format.
- Disable the “generator” meta tag, which betrays which version of WordPress you are running (thereby making exploits more easily targetted).
- Prevent the direct execution of PHP scripts in wp-content/.
- Rename the default “admin” user.
Apocalypse Meow is free to download from the WordPress plugin repository. I’ve tested it and it works just as advertised. If you’re concerned about the possibility of your site getting exploited, install this super light-weight security plugin. It just may save you a massive headache later.