WordPress is the most widely used CMS in the world today. As a consequence of being so widely used, it is also one of the most hacked and exploited software as well. The WordPress team work diligently to keep the application updated regularly to address new security issues that may arise. When WordPress releases a new version to address a vulnerability, you can be certain the information needed to exploit the vulnerability is available to the general public. This makes old versions more susceptible to attack and is one of the biggest reasons it is essential to keep your WordPress up to date.
The wp-login attack is a trending flavor of brute force attack adversely impacting countless WordPress sites today. A brute force attack uses a large volume of requests/responses from the same source or destination IP address to break into a system. The attacker employs a trial-and-error method to guess the response to a challenge or a request. To prevent password cracking by using a brute-force attack, one should always use long and complex passwords. This makes it hard for attacker to guess the password, and brute-force attacks will take too much time.
Most of the time, WordPress users face brute-force attacks against their websites. Brute Force Login Protection is a lightweight plugin that protects your website against brute force login attacks using .htaccess. After a specified limit of login attempts within a specified time, the IP address of the hacker will be blocked.
- Limit the number of allowed login attempts using normal login form
- Limit the number of allowed login attempts using Auth Cookies
- Manually block/unblock IP addressesManually whitelist trusted IP addresses
- Delay execution after a failed login attempt (to slow down brute force attack)
- Option to inform user about remaining attempts on login page
- Option to email administrator when an IP has been blocked
- Custom message to show to blocked users
Here is how you install it:
Install the plugin either via the WordPress.org plugin directory, or by uploading the files (https://wordpress.org/plugins/brute-force-login-protection/installation/) to your wp-content/plugin directory. Activate the plugin through the WordPress admin panel. Customize the settings on the settings page. Finished!
Another popular security and performance plugin for WordPress is Jetpack.
- Customization. Make your WordPress site uniquely yours with Custom CSS, Carousels, spam-free Contact Forms, Sidebar Widgets, Infinite Scroll, and Tiled Galleries.
- Mobile theme. Instant and customizable lightweight responsive theme designed for phones and tablets.
- Content tools. Create and publish richer content with Post by Email, Shortcode Embeds, Markdown, Beautiful Math, Spelling, and VideoPress.
- Visitor engagement. Increase your traffic and keep visitors coming back withEnhanced Distribution, spam-free Comments, Shortlinks, Likes, Notifications, Related Posts, Publicize, Social Sharing, Subscriptions, and Site Verification Tools.
- Site performance. Speed up image delivery with the Photon CDN and access to visitorStats.
- Security. Keep your WordPress site up, safe, and protected with Single Sign On,Jetpack Monitor, and Akismet anti-spam.
Here is how you install it:
Install the plugin either via the WordPress.org plugin directory, or by uploading the files (https://wordpress.org/plugins/jetpack/installation/) to your wp-content/plugin directory. Activate the plugin through the WordPress admin panel. Customize the settings on the settings page. Finished!
As always if you need any questions or would like assistance with installing the brute force login protection plugin don’t hesitate to open a ticket with our support team. We are here 24 / 7/365 to assist you!