This page will show you a free WordPress plugin that adds an extra layer of security to your WordPress logins and thwarts the rising number of WordPress hackers, keeping your site safe and secure.
This plugin ensures that only a human being (you) can ever log in to your WordPress site.
Free WordPress Login Security Plugin
The plug-in that I am referring to is called Login Dongle. The way Login Dongle works is that you have to click a bookmarklet on your browser's bookmark bar and then answer a security question before you can log in. You make up the security question and answer.
Using Login Dongle
Login Dongle can be a bit tricky to set up and use, and you can actually lock yourself out of WordPress, so make sure you follow these instructions exactly.
If you do accidentally lock yourself out:
- Use an FTP program, like FileZilla, to log in to your WordPress site that way.
- Navigate to the plug-ins folder directory.
- Delete the entire Login Dongle folder.
How to Set Up and Configure Login Dongle
- Log in to WordPress.
- Navigate to Plugins ➱ Add New.
- In the Search box enter Login Dongle.
- Click Install, then Activate.
Once you have installed and activated Login Dongle here’s how to configure it:
- Navigate to Settings ➱ Login Dongle.
- From here you can configure the message the would-be intruder would see, although it is probably a software program or bot trying to log in and not a real human.
- Click Save Changes.
- Navigate to Users ➱ All Users.
- Click the Edit link under your username.
- In the Login Dongle settings in the Challenge textbox enter a short question only you would know the answer to.
- In the Response textbox enter the answer. Make sure you note and remember CaSe in your answer as well.
- Then drag and drop the Login Dongle bookmarklet to your browser's bookmarks toolbar.
How to Log In To WordPress once Login Dongle has been Installed and Set Up
This is the part that stumped me and that I had to figure out through trial and error. The documentation for this part is not very good and should be updated, but follow these instructions and you’ll have no problem.
To Log into WordPress After Login Dongle is Installed and Set Up:
- Enter your WordPress Username and Password to log in to WordPress but do not yet click the button to log in.
- Click the Login Dongle bookmarklet.
- A message box will pop up with your question.
- Answer it and then IMMEDIATELY click the button to log in. If you wait to click the WordPress login button more than a few seconds after answering the Login Dongle question you will be redirected to the message page that is shown to someone who incorrectly answers the Login Dongle question you created during set up.
WordPress Hackers of Today and What They Do
There are all kinds of different hackers with different intentions, but one of the most prolific types of WordPress hackers today is what I like to call the affiliate Russian hacker.
I found out about this attack because, as an affiliate marketer, in 2015, I noticed my affiliate sales dropped significantly.
I investigated this issue by typing some of my main keyword phrases into the search engine and noticed page after page of results on Google where the listings showed nonsensical garble.
When I would click on the search result I would be redirected to a completely different website than was indicated in the search result. I also noticed that the posts created by the hackers had absolutely nothing to do with what the site was about overall.
When I spoke to my affiliate manager he told me that he knows who this guy is who is doing this, because this guy was actually an affiliate for the same company. Needless to say, I dropped this company and stopped being an affiliate for them for obvious reasons.
The Purpose of this Hack
This particular WordPress hack I am talking about is created by affiliate marketers. Their intent is to create posts on already firmly established WordPress sites. The reason the hackers do this rather than just create their own websites is that they know a post created on an already established website is going to rank higher in search results than a post created on a brand new WordPress website.
How this WordPress Hack Works
The way this hack works is that the hacker has two different software programs running.
- One piece of software is a crawler bot that scans thousands of WordPress websites daily looking for WordPress sites that are vulnerable. The scary thing is that WordPress, set up and installed with its default settings, is extremely vulnerable to many different types of hacks, including this one. It’s one of the reasons I really hate WordPress.
- The second piece of software penetrates the WordPress sites found to be vulnerable by the first piece of software. Once inside, the second piece of software proceeds to make keyword-optimized posts with affiliate links on that WordPress site. This software will post dozens or even hundreds of posts to the penetrated WordPress site. Within a couple of days after the second piece of software has made these posts, they show up in Google search results, get traffic and produce sales for the hacker.
Negative SEO Side Effect of this WordPress Hack
One of the worst things about this WordPress hack is not so much the fact that your site has been penetrated with tons of posts but the negative impact this hack can have on your website's SEO and search engine rankings.
These hackers usually post stuff related to online pharmacies and purchasing prescription medicines online. The posts that are created by this hacker have absolutely nothing to do with the website itself. For example, if your website is about baking cookies and this hacker creates dozens or hundreds of posts about prescription medicines, the search engines are going to see the incongruity of the posts and immediately demote your site, possibly tagging your site as spam and blacklisting you.
How to Find out if YOUR Website has been Hacked this Way
The easiest and fastest way to see if your site has been victimized by this hack is to go to the Google search engine and type in the following:
For example, if your website is goodproducts.com you would search Google for site:goodproducts.com .
Look through the search results. If you know you’ve only posted 15 total posts to your website and you see 10 pages of listings on the search engine, you know something is wrong right there.
Look through the search results and see if there are posts you never created there. If so, you’ve been a victim of this hack.
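The same check can be run against your own post sitemap instead of the search results. The following is an added example, not part of the original post or of any plugin: it lists every sitemap URL you did not write and marks the ones whose slug looks like the pharmacy spam described above. The sitemap content, the list of known posts and the spam terms are constructed sample values.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SITEMAP_NS = {"sm": "http://www.sitemaps.org/schemas/sitemap/0.9"}

# Constructed sample of a post sitemap for the page's example domain.
SAMPLE_SITEMAP = """<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://goodproducts.com/chocolate-chip-cookies/</loc></url>
  <url><loc>https://goodproducts.com/oatmeal-raisin-cookies/</loc></url>
  <url><loc>https://goodproducts.com/buy-cheap-prescription-pills-online/</loc></url>
  <url><loc>https://goodproducts.com/online-pharmacy-no-rx/</loc></url>
  <url><loc>https://goodproducts.com/holiday-gift-guide/</loc></url>
</urlset>"""

# Slugs of the posts you know you published (constructed sample).
KNOWN_SLUGS = {"chocolate-chip-cookies", "oatmeal-raisin-cookies"}

# Assumed keyword list; tune it to the spam you actually see.
SPAM_TERMS = ("pharmacy", "prescription", "pills")


def slug_of(url):
    """Return the last path segment of a post URL, without slashes."""
    return urlparse(url).path.strip("/").rsplit("/", 1)[-1]


def audit_sitemap(xml_text, known_slugs, spam_terms=SPAM_TERMS):
    """List sitemap entries that are not in known_slugs.

    Each finding carries the spam terms found in its slug; an empty
    list means "unknown post, review by hand".
    """
    root = ET.fromstring(xml_text)
    findings = []
    for entry in root.findall("sm:url", SITEMAP_NS):
        loc = entry.findtext("sm:loc", default="", namespaces=SITEMAP_NS).strip()
        slug = slug_of(loc)
        if not loc or slug in known_slugs:
            continue
        hits = [term for term in spam_terms if term in slug.lower()]
        findings.append({"url": loc, "slug": slug, "spam_terms": hits})
    return findings


if __name__ == "__main__":
    results = audit_sitemap(SAMPLE_SITEMAP, KNOWN_SLUGS)
    print(f"{len(results)} sitemap entries are not in your list of posts:")
    for item in results:
        label = "LIKELY SPAM" if item["spam_terms"] else "review"
        print(f"  [{label}] {item['url']}")
```

To use it on a real site, save the sitemap to a file, read it into a string and pass your own set of slugs.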
Fixing your WordPress Site if it has been Hacked.
The least expensive option is to go to fiverr.com and search Fix WordPress Hacked Site. It’ll cost you a whopping total of $5.50, and in a couple of days your WordPress site will be fixed. Once you have done this I would also recommend directly submitting your sitemap to Google and Bing. If you don’t do this, even though the bogus pages have been removed, they will still show up in the search results for months. Here are the links to resubmit your sitemap.
The sitemap you want to submit is yoursitename.com/post-sitemap.xml
Other things, Besides Login Dongle, you can do to Protect your WordPress Website
- Make sure you DO NOT use the default username of admin. If this is your username change it immediately!!
- Change your password to something VERY long and VERY complex with numbers, characters, uppercase, lowercase AND special characters such as sfkU#U$#E*37 or 3*3u#)(#8djdfjix. You could always use a password site like passwordgenerator.net.
- I also recommend the Wordfence plugin for a firewall and even greater WordPress security.
It’s always that one percent of people, the assholes, that screw up a good thing for everybody else and creating content with WordPress is no exception. Hopefully, one day soon, these ass holes will be rounded up and appropriately put in concentration camps or hung by the neck.