I recently attended Connecticut WordCamp 2014 in Stamford. Never having attended a WordCamp before, I had no level of expectation or comparison (I look forward to WordCamp NYC this summer, now!). I do have to say that the organizers did a stellar job in vetting the presenters and bringing a great variety to the day’s programing.
The very first session I attended was a really fascinating take on the “UX of Real-Time Site Personalization” given by Jesse Friedman. His talk was nothing short of brilliant—both in content and presentation—and I’d love to tell you more about it, but it’s his role as the Director of Innovation at BruteProtect that I’d here to focus on.
If you have at least one WordPress website and you’ve been awake for the last six months or so, you’re probably aware of the sheer volume of brute force attacks that have been targeted specifically at WordPress sites. It’s staggering. For the uninitiated: A “brute force attack” is simply when a hacker (a bot usually) tries to break into your site by using random administrator names and passwords to get into your site’s back-end. For this reason alone, I will shout the following from the treetops:
If your user name is “Admin,” change it. Now. Right now. Seriously. Why are you waiting??
So many WordPress users don’t take advantage of using a “Captcha” to weed out bots, and many more don’t use secure passwords. So brute force attacks are still pretty effective for breaking into sites.
If you do nothing else today to protect your site, install the BruteProtect plugin on your site. Now.
They describe the product:
BruteProtect tracks failed login attempts across all installed users of the plugin. If any single IP has too many failed attempts in a short period of time, they are blocked from logging in to any site with this plugin installed. Once the plugin is installed, you’ll need to get a free BruteProtect API key, which you can do directly from your WordPress dashboard.
It’s a ridiculously easy plugin to install and use. I already installed it on several of my sites. I know I get hack attempts because I use WordFence to monitor my sites for potential hacking. Even though WordFence monitors my site, it simply shuts out a potential hacker after they have made the attempt. BruteProtect attempts to do this by not only blocking an IP address from a hacker trying to access a site too many times unsuccessfully, but by pooling data from other BruteProtect users’ sites, offending IP addresses are stored at BruteProtect’s database, and hackers are blocked before even trying to access your login! Genius!
Did I mention that the plugin is free?
Because it’s a one-trick pony, it’s really hard to say anything else about the plugin’s functionality. It does one thing incredibly well.
As a follow-up regarding Jesse: As he presented to all of us at WordCamp, he was emphatic about his love of an internet unfettered by limitations. He shared genius-level ideas that he could easily charge for. But his mission and vision is simply to make the world a better place through technology. He was very enthusiastic when he told the conference room that we should take and implement his ideas. I admire his vision, and it is so in alignment with WordPress and other open-source developers. It gives us real hope for a future led by young visionaries like Jesse. So it totally makes sense that he and the whole team at BruteProtect have created a freely-accessible plugin to make the internet safer against hackers.