This week’s article is on WordPress Brute Force attacks, a topic that is not widely talked about by WordPress users until they fall victim to one. Before we get into the meat of things, let’s understand what a Brute Force attack is. A Brute Force attack is when a person or machine tries to gain access to the back-end of your website by trying various login credential combinations over and over again until they succeed or crash your website. Note that this kind of attack is not limited to WordPress installations; many other platforms can be targeted the same way. For now, we will only look at this topic from a WordPress perspective.
Here are a few things that you can do on your website to minimize the risk of becoming a Brute Force attack victim:
Unique Usernames
Do not use “admin” as the username of an administrative account. Yes, it is an easy word to remember, but it is not advisable to use it. If any users on your website have that username, delete that account and create a new administrator account with a unique username.
Strong Passwords
Use strong passwords for all your admin accounts. The best practice is to use a password that has at least 12 characters with a combination of letters, digits and symbols. This way, it will be very difficult for a person or a bot to guess your password.
Install Anti Brute Force Plugins
There are plugins available to help you combat Brute Force attacks. Over the years, we have come to rely on two plugins that we install on all our WordPress projects. Check them out below:
Limit Login Attempts: This plugin allows anyone from any IP to try to log in to the back-end of your website up to 3 times. If all login attempts are unsuccessful, the user is blocked and is not allowed to try again.
Brute Protect: This plugin tracks failed login attempts across everyone who visits your website, gathering the IP addresses of attackers and blocking them before they can strike you. The strength of this plugin really lies in the number of people who use it. The more people who use it, the more IPs it will catch, and the better chance it has of blocking an attacker before they can get to your site.
The above plugins are great, easy to use and have a one-click install.
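To see what the per-IP limit described for Limit Login Attempts means in practice, the script below replays web server access-log lines and reports which addresses a 3-attempt limit would lock out. It is an added example, not code from either plugin; the log lines are constructed, and it assumes that a failed WordPress login answers with status 200 while a successful one redirects with 302.

```python
import re
from collections import defaultdict

MAX_ATTEMPTS = 3  # per-IP limit described in the article

# Access-log prefix: ip ident user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 4100
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
198.51.100.20 - - [10/Mar/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
198.51.100.20 - - [10/Mar/2024:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [10/Mar/2024:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
192.0.2.55 - - [10/Mar/2024:10:00:08 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [10/Mar/2024:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
192.0.2.55 - - [10/Mar/2024:10:00:10 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
"""


def simulate_lockout(log_text, max_attempts=MAX_ATTEMPTS):
    """Return {ip: login POSTs sent after the limit was reached}."""
    failures = defaultdict(int)
    blocked = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # only submitted login forms count as attempts
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        ip = m["ip"]
        if ip in blocked:
            blocked[ip] += 1  # a per-IP limiter would have refused this one
        elif m["status"] == "302":
            failures[ip] = 0  # assumption: redirect means the login succeeded
        elif m["status"] == "200":
            failures[ip] += 1  # assumption: form shown again means failure
            if failures[ip] >= max_attempts:
                blocked[ip] = 0
    return blocked


if __name__ == "__main__":
    for ip, extra in simulate_lockout(SAMPLE_LOG).items():
        print(f"{ip}: locked out, {extra} further attempts refused")
```

Run against your own access log, the same count shows how many guesses a single address keeps sending once it has used up its 3 tries, which is the traffic a login limiter stops.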
These are just the basics of how to avoid Brute Force attacks. Of course, there are other, more complex ways to keep your website safe from hackers, but these are the easiest solutions that even the most basic user can employ.
Do you need help securing your site? Contact us and we can help!