
Guard Your Blog Against WordPress Attacks

By Gyi Tsakalakis

If you use WordPress for your blog or law firm website, you may know that this month the WordPress community faced perhaps its largest brute force attack. Reports around the web confirmed that a large botnet was brute-forcing passwords to attack WordPress and Joomla sites. While there are a variety of ways hackers can try to attack your site, if you follow basic security measures, you can protect it and avoid the overwhelming majority of common attacks.

Stronger Credentials

The list starts with stronger WordPress login credentials: your username and password. Don’t use “admin” as your username. And don’t use easily identifiable information in your password. Here are some additional password no-no’s:

  • Don’t use variations of your real name, your username or anything identifiable from your website.
  • Don’t use a “tough” word from the dictionary.
  • Don’t use just letters or just numbers. Use both.
  • Don’t give your password out to people!

I encourage you to use an automatic password generator. Make sure it complies with the WordPress recommendations for a strong password. You might also consider using a limit login attempts plug-in.

Also, make it a policy to update all usernames and passwords monthly or quarterly. I recognize that constantly updating your password can be inconvenient. But consider all the problems that can arise when your site is compromised.

Don’t save passwords to your computer, and don’t save passwords in your web browser. If you are having a difficult time remembering passwords, consider something like LastPass.
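To show what a limit-login-attempts plug-in actually does behind the scenes, here is an added example (not code from the article or from any WordPress plug-in) written in Python rather than WordPress’s PHP. The thresholds, IP addresses and login events are constructed for the illustration, and it counts failures per username as well as per address because a botnet spreads its guesses for one account across many machines.

```python
from collections import defaultdict, deque

# Constructed thresholds (not from the article): five failures inside a
# five-minute window lock that key out for fifteen minutes.
MAX_FAILURES, WINDOW_SECONDS, LOCKOUT_SECONDS = 5, 300, 900

class LoginThrottle:
    """Count failed logins per client IP *and* per username, so a botnet that
    spreads guesses for one account across many IPs still hits the per-user limit."""

    def __init__(self):
        self._failures = defaultdict(deque)  # key -> recent failure timestamps
        self._locked_until = {}              # key -> lockout expiry (seconds)

    @staticmethod
    def _keys(ip, username):
        return ("ip:" + ip, "user:" + username.lower())

    def is_locked(self, ip, username, now):
        return any(self._locked_until.get(k, 0) > now
                   for k in self._keys(ip, username))

    def record_failure(self, ip, username, now):
        for key in self._keys(ip, username):
            recent = self._failures[key]
            recent.append(now)
            while recent[0] <= now - WINDOW_SECONDS:  # drop entries outside the window
                recent.popleft()
            if len(recent) >= MAX_FAILURES:
                self._locked_until[key] = now + LOCKOUT_SECONDS
                recent.clear()

def replay(events):
    """Run (time, ip, username, password_ok) events through a fresh throttle
    and return each event's decision: 'blocked', 'failed' or 'ok'."""
    throttle, decisions = LoginThrottle(), []
    for t, ip, user, ok in events:
        if throttle.is_locked(ip, user, t):
            decisions.append("blocked")
        elif ok:
            decisions.append("ok")
        else:
            throttle.record_failure(ip, user, t)
            decisions.append("failed")
    return decisions

# Constructed sample: six bots share the "admin" guesses across six addresses,
# then the real administrator logs in from another address and is still blocked.
SAMPLE_EVENTS = [(10 * i, "203.0.113.%d" % i, "admin", False) for i in range(1, 7)]
SAMPLE_EVENTS.append((70, "198.51.100.9", "admin", True))
```

The sample also shows the trade-off of per-username lockouts: once the counter trips, the legitimate owner of that account is locked out for the same period, which is one more reason not to use the guessable “admin” username and to keep another way into the site (hosting control panel or database access) for that window.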


Another important aspect of preventing attacks is updating software, themes and plug-ins. I’ve seen many lawyer websites using ridiculously old versions of WordPress. While you may want to wait days or weeks to apply a new WordPress update, you shouldn’t wait much longer than that.

Also, keep in mind that themes and plug-ins can have security issues. That’s why you should limit your use of plug-ins to only those essential to your site. If you’re using a free or premium WordPress theme, do some research to make sure it isn’t known for security issues. If you’re commissioning a custom theme, talk to your developer about security. Experienced developers should be conscientious about theme security vulnerabilities.

Back Up

Of course, you won’t be able to protect against every attack, every time. That is why you should have a system for regularly backing up site files and databases. BackupBuddy is a nice plug-in that makes scheduling, storing and restoring backups pretty easy.

More on Hardening WordPress

It’s important to keep in mind that no system is completely hacker-proof. Even the most sophisticated government defense systems get hacked. The keys to security are to take preventive measures to protect against common security breaches, mitigate the damage of any security breach and be prepared to respond and adapt to future attacks. WordPress provides extensive help for hardening WordPress, and a recent article from Forbes provides some additional advice on protecting against the botnet.

Have you been the victim of an attack? Tell us about it. Were you prepared? What steps did you take to recover? What additional steps have you taken to protect your WordPress installation?

Gyi Tsakalakis helps lawyers put their best foot forward online because clients are looking for them there. He is a co-founder of AttorneySync, a digital marketing agency for law firms. You can find more of Gyi’s writing in his “Optimize” column on Attorney at Work, on Lawyerist and on Avvo’s Lawyernomics blog. You can ask him a question (or just say hi) on LinkedIn, Twitter, Google+ and Facebook.

Categories: Daily Dispatch, Legal Technology, Managing a Law Firm, Optimize
Originally published April 22, 2013
Last updated February 18, 2020