How to protect your website from WordPress brute force attack

Brute force is a method of invading login systems by trying out a variety of possible password combinations assuming that one of the combination will unlock the system. The brute force attack is one of the attack which takes a lot of CPU and bandwidth usage especially when it is being conducted on a website.

Recently an organized brute force attack was conducted on several wordpress websites. The wordpress brute force attack was very large in nature and is still continuing till this day.

Protect your wordpress site against the wordpress brute force attack

The brute force definitely tries to hack into your administration dashboard. the default directory for admin dashboard is /wp-admin

One way to prevent the wordpress brute force attack is to change the wp-admin directory to something else e.g. /dashboardsecretnamehere

Now, add another layer of security by installing this small wordpress plugin called “Limit Login attempts”.

After installing the plugin you can change the default settings according to your needs. The plugin settings are pretty simple.

WordPress Limit login attempts to prevent brute force attacks

Below you can see the plugin in action. It was able to block several IP addresses trying to login to my admin account.

WordPress Limit login attempts plugin in action

Everytime someone tries to hack into my system or exceeds the login attemps I get an email from the blog alerting me to monitor the IP address.

I hope you found this article helpful.