Hello friends, this is Abhay, and today I’m going to show you how you can protect your WordPress site from brute force attacks.
A brute force attack is a common type of attack in which the attacker tries to gain access by guessing password combinations.
According to Wikipedia, a brute-force attack, or exhaustive key search, is a cryptanalytic attack that can be used against any encrypted data. Such an attack might be used when it is not possible to take advantage of other weaknesses in an encryption system that would make the task easier. It consists of systematically checking all possible keys or passwords until the correct one is found.
For the last few days, my blog trixhub.com has been getting lots of brute force attacks. That is the reason I’m writing this post. Our blog is fully secure, so I think no one can break in easily by doing this type of stupid thing.
Here is the screenshot of brute force attacks on my site.
How to Secure WordPress from Brute Force attacks:
There are many ways to secure a WordPress site. Here I have listed the best ways to protect a WordPress site from brute force attacks.
Method 1: Jetpack Users, Activate the Protect Module
If you are using the Jetpack WordPress plugin, you can easily protect your WordPress site by activating its Protect module.
Protect is a cloud-powered brute force attack prevention tool. The Jetpack Protect module leverages the millions of WordPress sites to identify and block malicious IPs. Protect tracks failed login attempts across all Jetpack-connected sites using the Protect module. If any single IP has too many failed attempts in a short period of time, it is blocked from logging in to any site with this plugin installed. Protect is derived from BruteProtect, and will disable BruteProtect on your site if it is currently enabled.
I recommend Jetpack to every WordPress user, because this plugin has lots of features and was originally developed by Automattic Inc. (a WordPress development team). You can check Essential WordPress Plugins for Bloggers.
Method 2: Use Limit Login Attempts Plugin
This is another method to prevent WordPress brute force attacks. The Limit Login Attempts plugin limits the number of login attempts possible, both through normal login and through auth cookies. It blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.
I personally use this plugin on most of my sites. It sends me a mail every time failed login attempts are made on a site.
Method 3: Change WordPress Admin Username
Yes, this is the most important thing: after installing WordPress, change your admin username.
By default, WordPress generates the username ‘admin’, so everyone knows your WordPress administrator username. You should change this username immediately.
But the question is how to do this. You can use the Better WP Security WordPress plugin, or create an admin-level account and delete the first one.
I will create a step-by-step tutorial about changing the WordPress username as soon as possible.
My Recommendation:
Personally, I’m using all 3 of the above methods on my sites, and best of all, I am using a custom username on all of my WordPress sites. So this is the best way to protect against brute force attackers.