How to protect your website from WordPress brute force attack

Wordpress brute force attack
Help us grow. Share with your friends!

Brute force is a method of invading login systems by trying out a variety of possible password combinations assuming that one of the combination will unlock the system. The brute force attack is one of the attack which takes a lot of CPU and bandwidth usage especially when it is being conducted on a website.

Recently an organized brute force attack was conducted on several wordpress websites. The wordpress brute force attack was very large in nature and is still continuing till this day.

Protect your wordpress site against the wordpress brute force attack

The brute force definitely tries to hack into your administration dashboard. the default directory for admin dashboard is /wp-admin

One way to prevent the wordpress brute force attack is to change the wp-admin directory to something else e.g. /dashboardsecretnamehere

Now, add another layer of security by installing this small wordpress plugin called “Limit Login attempts”.

After installing the plugin you can change the default settings according to your needs. The plugin settings are pretty simple.

Wordpress limit login attempts brute force

WordPress Limit login attempts to prevent brute force attacks

Below you can see the plugin in action. It was able to block several IP addresses trying to login to my admin account.

Wordpress brute force attack

WordPress Limit login attempts plugin in action

Everytime someone tries to hack into my system or exceeds the login attemps I get an email from the blog alerting me to monitor the IP address.

I hope you found this article helpful.

nuclearrambo

Salil is an electronics enthusiast working on various RF and Microwave systems. In his free time he writes on the blog, talks over ham radio or builds circuits. He has Yaesu FT2900R VHF transceiver, FT450D HF transceiver and a TYT UV8000E Handheld transceiver.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.