A Brute Force Attack is the simplest kind of method for gaining access over a website. Hackers design bots that automatically attempts to login to WordPress installation by trying different usernames and passwords, over and over.
In this articles we will show you how you can use different measures to slow down brute force attacks on your website by adding login protection.
Brute Force Login Protection is a WordPress plugin that uses .htaccess file for securing your login page.
Start by installing and activating Brute Force Login Protection in WordPress
Upon activation, visit your admin area dashboard Settings -> Brute Force Login Protection page and set your options:
- You can limit the number of allowed login attempts using normal login form
- You can limit the number of allowed login attempts using Auth Cookies
- You can manually block/unblock IP addresses
- You can manually whitelist trusted IP addresses
- You can delay execution after a failed login attempt (to slow down brute force attack)
- Provides you option to inform user about remaining attempts on login page
- Provides you option to email administrator when an IP has been blocked
- Allows you to set custom message to show to blocked users
The good thing about thing plugin is that you can slow down brute force attacks by delaying in seconds when a login attempt has failed on your website.