Protect your WordPress from Brute Force Attacks

Recently, there was a worldwide, highly-distributed Brute Force Attack on WordPress sites.

Unlike hacks that focus on vulnerabilities in software, a Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in. Often deemed 'inelegant', they can be very successful when people use passwords like '123456' and usernames like 'admin'.
Due to the nature of these attacks, you may find your account's memory (because the number of http requests is so high) goes through the roof, causing performance problems.

Take the following measures to Protect your WordPress site:

1. Don't use the 'admin' username

2. Create secure passwords
Passwords should be at least eight characters containing lower-case letter, upper-case letter, number and special character ($, -, !).

3. Keep WordPress up to date
Keep your WordPress website secure by updating your install when updates become available. Updating ensures all of the latest patches and fixes are applied to your site.

4. Rename wp-login.php
You can use the following plugin: Rename wp-login.php

5. Plugins can be used to limit the number of login attempts made on your site, or block people from accessing wp-admin:

6. Deny Access to No Referrer Requests using .htaccess
Change to your domain. If you're using Multisite with mapped domains, you'll want to change to (|| and so on.

# Stop spam attack logins and comments
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} .(wp-comments-post|wp-login)\.php*
RewriteCond %{HTTP_REFERER} !.** [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]

Was this answer helpful?

Also Read

.htaccess rules to Harden your website’s Security

Below you see a list of the important rules that you can add to your .htaccess file to harden...

How can I prevent my site from being hacked?

Typically, most sites are hacked because of poor passwords, older and exploitable software, or...

Secure Joomla with .htaccess

Advanced .htaccess rules that will overall secure and increase the speed of your Joomla...

Block Bad Bots and Spiders using .htaccess

Below is a useful code block for blocking a lot of the known bad bots and site rippers currently...

What does File Permissions "chmod" mean?

To chmod a file means to set certain permissions. By default, all files uploaded to the server...