How To Protect WordPress Site From Brute Force Attacks
WordPress is the most popular CMS on the planet. It powers more than 25% of the world’s websites. Because of its popularity and ease of use, WordPress sites are a main target for hackers. WordPress itself is fairly secure, but it is still important to protect your site from brute force attacks. A brute force attack is a type of attack in which the hacker tries different username and password guesses to log in to the site without the owner's permission.
There are many ways to perform a brute force attack on a site, but the most common method is the dictionary-based attack, where the hacker tries hundreds of username and password combinations within a few minutes. They continue this process until they find the right username and password combination.
In this blog article, I am going to share a few things to do immediately to secure your WordPress site against brute force attacks.
Change WordPress Login URL:
The default WordPress login URL used to access the WordPress dashboard, i.e., http://www.domainname.com/wp-admin, is very easy for hackers to guess.
So it is important to change the default WordPress login URL to make it difficult for hackers to attack. This can be easily done by using a WordPress plugin called WPS Hide Login.
Simply install the plugin and activate it. After activation, go to Settings, then the General section, to configure the plugin as shown in the above screenshot.
Avoid Common Usernames and Use Strong Passwords:
The hacker always starts a brute force attack on a site with easy-to-guess username and password combinations.
It is important not to use usernames like “Admin”, “admin”, “Administrator” etc.
Also, for better security and prevention, it is highly recommended to use passwords that contain lower and upper case letters, numbers and symbols. So it is good to use passwords like “435gh#AdEf” or “c.dAg546%43” etc.
The stronger your username and password are, the more difficult it will be for hackers to log in to your website.
Limit The Login Attempts:
For the best security, it is important to restrict the number of login attempts to your WordPress site. You can block a user's IP address when someone fails to log in after a specific number of login attempts.
This can be easily achieved by using a WordPress plugin called Login LockDown. By installing and activating the plugin, you can set the number of login attempts allowed.
So if someone tries to log in and reaches the set number of attempts, they will be blocked.
You can set how long a user stays blocked before being allowed to try again, and you can view the activity tab to check the blocked IP addresses.
Doing so adds another layer of security to your WordPress site, and it will help to stop many of the attacks on your WordPress login.
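The lockout logic described in this section, modelled as an added Python example (it is not code from the Login LockDown plugin or from this article). The thresholds, the /24 and /64 grouping and the sample addresses are assumptions; the example goes beyond per-IP blocking by also counting failures per network range, which catches guesses spread across many addresses.

```python
import ipaddress
from collections import defaultdict, deque

class LoginLimiter:
    """Lock out a client IP, and its surrounding network, after repeated failures."""

    def __init__(self, max_fails=3, window=300, lockout=3600, net_max_fails=10):
        self.limits = {"ip": max_fails, "net": net_max_fails}
        self.window, self.lockout = window, lockout   # both in seconds
        self.fails = defaultdict(deque)   # key -> timestamps of recent failures
        self.locked_until = {}            # key -> time at which the block expires

    @staticmethod
    def _keys(ip):
        addr = ipaddress.ip_address(ip)
        prefix = 24 if addr.version == 4 else 64   # assumed range sizes
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        return ("ip", str(addr)), ("net", str(net))

    def is_blocked(self, ip, now):
        return any(self.locked_until.get(k, 0) > now for k in self._keys(ip))

    def record_failure(self, ip, now):
        for key in self._keys(ip):
            q = self.fails[key]
            q.append(now)
            while q and q[0] <= now - self.window:   # forget failures outside the window
                q.popleft()
            if len(q) >= self.limits[key[0]]:
                self.locked_until[key] = now + self.lockout
                q.clear()

    def record_success(self, ip):
        # A good login resets only the per-IP counter, not the network counter.
        self.fails.pop(("ip", str(ipaddress.ip_address(ip))), None)

def replay(events, limiter):
    """Feed (timestamp, ip, success) login events; return the rejected (timestamp, ip)."""
    rejected = []
    for ts, ip, ok in events:
        if limiter.is_blocked(ip, ts):
            rejected.append((ts, ip))      # refused before the password is checked
        elif ok:
            limiter.record_success(ip)
        else:
            limiter.record_failure(ip, ts)
    return rejected

# Constructed sample: one IP guessing repeatedly, then 12 IPs in one /24 guessing once each.
SAMPLE = ([(t, "198.51.100.7", False) for t in (0, 10, 20, 30)]
          + [(100 + i, f"203.0.113.{i}", False) for i in range(1, 13)]
          + [(3700, "198.51.100.7", True)])

if __name__ == "__main__":
    print(replay(SAMPLE, LoginLimiter()))
```

With the per-network limit effectively disabled, only the single repeating IP is ever blocked and the twelve one-guess addresses all get through.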
Adding Captcha To Login Page:
To stop or slow down brute force attacks, it is good practice to require a pre-login captcha to access your WordPress site.
Hackers attack your site from ranges of IP addresses, so limiting login attempts will sometimes not work that well. To further improve security and stop spammers and bots from logging in, it is good to add another layer of security.
This can be done by using a captcha on the login screen. Fortunately, the WordPress plugin Login No Captcha reCAPTCHA will add this feature to your WordPress site.
Doing so will further enhance the security of your WordPress site, and you can stop many of the brute force attacks on your WordPress site.
Use CloudFlare CDN:
Using a Content Delivery Network is an excellent way to speed up your site and secure it further from hackers' attacks.
CloudFlare is one of the best CDN services, and it will handle all the brute force attacks on your site. Just create an account and configure the security settings. Set the options to Medium or High and you are good to go.
The good thing is that if you are ever under attack, you can set the option “I am Under Attack” and you will be all clear after a short span of time.
To increase your WordPress site's security further, read How to Secure WordPress Site From Hackers.
Securing your WordPress site from brute force attacks and other spammers' attacks must be the first priority of all WordPress users.
Follow all the steps that I discussed above and add security layers to your website. The stronger the security of your site, the more difficult it will be for hackers to attack and damage your site.