I have talked already about important steps such as using a secure password and changing your admin user id, but here is another trick that you can use to protect your blog.

I talked about Login Lockdown a couple of weeks ago and some readers did mention that they use that very same plugin. The idea there is to prevent mass attempts to access your admin. But today I was working on a theory to protect my admin logins in various sites and searching around for a plugin.

My theory was to lock the admin screen down to just specific countries. This sounds very obvious, but does not appear to have been written. The nearest I found was WP Login Security.

What this does instead is every time it detects a new IP address being used to log on, it sends a one-time password to your registered email address. Then, you open the email and can gain access to your admin.

This means that even if someone does guess your userid and password, or gets them through keylogging, as long as they are not using a connection you have used, you will get the email notification and they will not be able to log on.

Where’s the downside? Well, it is great if you are using the same IP address most of the time. But, if like me you get a new IP address every time you connect to the internet (which includes when the connection randomly drops), then there will be a huge list of allowed IP addresses and a lot of confirmation emails to click on before access is allowed.
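A minimal model of the new-IP check described above, written in Python as an added example; it is not WP Login Security's code. The class name, the 10-minute expiry and the one-guess-per-code rule are assumptions, since the post does not describe them, and the IP addresses are constructed.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 600  # assumed validity window; the post does not state one


class NewIpLoginGate:
    def __init__(self, send_email, clock=time.time):
        self._send_email = send_email  # callable(user, otp), stands in for the mailer
        self._clock = clock
        self._known_ips = {}  # user -> set of IPs confirmed through email
        self._pending = {}    # (user, ip) -> (sha256 of otp, expiry time)

    def login(self, user, ip, password_ok):
        """Return 'denied', 'allowed' or 'otp_sent' for one login attempt."""
        if not password_ok:
            return "denied"
        if ip in self._known_ips.get(user, set()):
            return "allowed"
        otp = secrets.token_urlsafe(8)
        digest = hashlib.sha256(otp.encode()).digest()
        self._pending[(user, ip)] = (digest, self._clock() + OTP_TTL_SECONDS)
        self._send_email(user, otp)  # a correct password alone is not enough
        return "otp_sent"

    def confirm(self, user, ip, otp):
        """Redeem a code: bound to the IP that triggered it, one guess, then gone."""
        entry = self._pending.pop((user, ip), None)
        if entry is None:
            return False
        digest, expiry = entry
        supplied = hashlib.sha256(otp.encode()).digest()
        if self._clock() > expiry or not hmac.compare_digest(digest, supplied):
            return False
        self._known_ips.setdefault(user, set()).add(ip)
        return True

    def known_ip_count(self, user):
        return len(self._known_ips.get(user, set()))


if __name__ == "__main__":
    outbox = []  # constructed stand-in for the owner's mailbox
    gate = NewIpLoginGate(lambda user, otp: outbox.append(otp))
    for ip in ("203.0.113.10", "203.0.113.11", "203.0.113.12"):  # constructed dynamic IPs
        print(ip, gate.login("alice", ip, True), gate.confirm("alice", ip, outbox[-1]))
    print("emails:", len(outbox), "allowed IPs:", gate.known_ip_count("alice"))
```

Running it shows the trade-off: every new address costs one email round trip, and the allowed-IP list grows by one each time.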

But, it is the price to pay for added security. I still think my idea will work and has mileage. All of the hacking attempts that I have detected have come from abroad, so by locking out foreign access to my admins I should prevent at least most direct attempts.

Whether I get fed up going through one-time passwords every time I want to log on, only time will tell. I expect I will! But, in that time, at least my range of blogs are protected and maybe I can code my own plugin!
