The massive WordPress brute force attack is in the news these days. It’s being said that hackers are trying to break into poorly-secured WordPress websites with the help of a powerful botnet (which is assumed to be made up of over 90,000 web servers).
The first question for many users is:
What is a Brute Force Attack?
A brute force attack in simplest terms is a trial-and-error method to get access to your website. It performs sequential login attempts to your website using common username (e.g. admin) and password (e.g. admin123) combinations.
Now, how do you protect your WordPress website/blog from such attacks? Here I am listing some ways that can help you protect your WordPress website.
How to protect WordPress from a Brute Force Attack?
- Strong Password: Make sure that you have a strong password. Use random letters, numbers and special characters. Do NOT use strings like 123456 or qwerty.
- Stealth Login Page: This is a really cool plugin by Jesse Petersen that allows you to create a custom login URL that is known only to you. Any attempts to access the login page by simply using /wp-login.php or /wp-admin will fail. Check out this plugin on WP Repository.
- Limit login attempts: This is a good way of denying access to the login page or forcing a password reset when the number of login attempts with incorrect login details reaches a certain limit. You can use this plugin, Limit Login Attempts.
- Password Protect WordPress login: Ipstenu has published a nice tutorial on protecting access to the wp-login.php file. Click here to read the tutorial.
- Hire me: Too busy to handle this on your own? Or do you think you need some technical help? Feel free to contact me.