Brute Force WordPress Attacks Are Preventable With Limited Login

Brute Force WordPress attacks are probably one of the oldest internet tricks in the book. These attacks are performed by bots (or people) running special scripts that are usually hooked up to some sort of “Common Password Dictionary”. The script automatically tries hundreds of combinations of words and numbers until it figures out your password. When it does, it emails the owner of the bot to let them know how they can gain access, usually to do not-so-nice things to your site and personal information.

A good way to combat this, besides using a really secure password, is to enable “Limited Login” to prevent Brute Force WordPress Attacks. This is the system, which I am sure you have all seen before, that only allows you to try to log in 5 times before it locks your account for a set amount of time. This usually either frustrates an individual who doesn’t want to wait or causes a bot to move on to another, less secure site, ultimately stopping a Brute Force WordPress Attack.

Enabling this on WordPress is very easy using a plugin called Limited Login Attempts. To install the plugin, just follow the instructions below:

First navigate to the Plugins section of your WordPress Dashboard and select Add New.

At the next screen, locate the search box and perform a search for Limited Login Attempts.

On the results screen, you should find a perfect match for Limited Login Attempts right away. Click Install Now to start preventing Brute Force WordPress Attacks!

Once it’s installed, that’s it! You could configure the plugin a little if you want, in the settings area – but for the average user, its default settings are perfect.

To test the plugin, you’ll have to log out of your WordPress Dashboard and return to your login screen. Enter some random password and hit Enter; you’ll immediately be told you only have X attempts remaining to log in.

Here’s what it looks like after you’ve failed to log in a few times. I will show you, so you don’t have to lock yourself out of your dashboard for 20 minutes.

The plugin bans via IP address. It’s not the most secure thing to do as you could easily use a proxy to avoid the issue, but it is enough to stop a bot from trying – which is the most important thing.
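The lockout described above (5 failed tries, then a 20-minute lock keyed on the visitor's IP address) can be modelled in a few lines of Python. This is an added example, not the plugin's own code; the LoginLimiter class, its method names and the sample IP addresses are made up for illustration.

```python
import time

MAX_ATTEMPTS = 5           # failed tries allowed per IP (figure from the article)
LOCKOUT_SECONDS = 20 * 60  # lockout length (the article's 20 minutes)


class LoginLimiter:
    """Hypothetical model: counts failed logins per client IP address."""

    def __init__(self, clock=time.time):
        self.clock = clock      # injectable so the demo needs no real waiting
        self.failures = {}      # ip -> failed attempts so far
        self.locked_until = {}  # ip -> time at which the lockout ends

    def is_locked(self, ip):
        until = self.locked_until.get(ip)
        if until is None:
            return False
        if self.clock() >= until:  # lockout expired: forget the old state
            del self.locked_until[ip]
            self.failures.pop(ip, None)
            return False
        return True

    def remaining(self, ip):
        return 0 if self.is_locked(ip) else MAX_ATTEMPTS - self.failures.get(ip, 0)

    def attempt(self, ip, password_ok):
        if self.is_locked(ip):
            return "locked"  # the password is not even checked while locked
        if password_ok:
            self.failures.pop(ip, None)  # a successful login resets the counter
            return "ok"
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] >= MAX_ATTEMPTS:
            self.locked_until[ip] = self.clock() + LOCKOUT_SECONDS
        return "failed"


def demo():
    now = [0.0]  # fake clock, advanced by hand below
    limiter = LoginLimiter(clock=lambda: now[0])
    ip = "203.0.113.7"  # constructed address from a documentation range
    tries = [limiter.attempt(ip, False) for _ in range(6)]
    during = limiter.attempt(ip, True)         # right password, still refused
    other = limiter.remaining("198.51.100.9")  # the counter is per IP address
    now[0] += LOCKOUT_SECONDS                  # 20 minutes later
    after = limiter.attempt(ip, True)
    return tries, during, other, after
```

Calling demo() shows the sixth try being refused, the correct password being refused during the lock, and a second address still holding its full allowance, which is the per-IP limitation noted above.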

Enjoy your newfound security, and be sure to remember your password. Otherwise, you might find yourself locked out!

Once Limited Login is installed, you’ve prevented Brute Force WordPress attacks.