5 Super easy ways to save your WordPress website from a Brute Force Attack

The massive WordPress brute force attack is in the news these days. Reportedly, hackers are trying to break into poorly secured WordPress websites with the help of a powerful botnet (which is assumed to be made up of over 90,000 web servers).

The first question for many users is:

What is a Brute Force Attack?

A brute force attack, in the simplest terms, is a trial-and-error method of gaining access to your website. The attacker makes sequential login attempts against your website using common username (e.g. admin) and password (e.g. admin123) combinations.

Now, how do you protect your WordPress website/blog from such attacks? Here I am listing some ways that can help you protect your WordPress website.

How to protect WordPress from a Brute Force Attack?

  1. Strong Password: Make sure that you have a strong password. Use random letters, numbers and special characters. Do NOT use strings like 123456 or qwerty.
  2. Stealth Login Page: This is a really cool plugin by Jesse Petersen that allows you to create a custom login URL that is known only to you. Any attempt to access the login page by simply using /wp-login.php or /wp-admin will fail. Check out this plugin on WP Repository.
  3. Limit login attempts: This is a good way of denying access to the login page, or forcing a password reset, when the number of login attempts with incorrect login details reaches a certain limit. You can use this plugin, Limit Login Attempts.
  4. Password Protect WordPress login: Ipstenu has published a nice tutorial on protecting access to the wp-login.php file. Click here to read the tutorial.
  5. Hire me: Too busy to handle this on your own? Or do you think you need some technical help? Feel free to contact me.


  • Karen Clark April 15, 2013, 12:52 am

    Thank you, Puneet! Your simple solutions are appreciated as I know many who have WP sites but are in a bit of a “tizzy” over this! Thank you!



Puneet Sahalot I am Puneet, a freelance WordPress developer with over three years of experience. I build websites and blogs using Thesis framework.

I built the first responsive Thesis 2.0 skin and was featured on WMPU.org. When not writing code, I love traveling and clicking photographs. Read more.
