How to stop brute force attacks in WordPress?

26 views December 7, 2018 ankitrtm 0

I have heard people say that establishing an SSL certificate prevents brute force attacks on their site. You couldn’t be more wrong my friend.

Https secures the to and fro communication happening between two servers.

Learn why and how to migrate from HTTP to https in WordPress here securely.

Yes, it does make it a lot tougher for hackers to steal information here, but you must remind yourself that hacking takes a variety of forms. Brute force attacks are one of the other types of piracy which happens even if you have an SSL certificate.

Brute force attack is the traditional way of trying to gain access to your WordPress admin directory through trial and error basis. It can take an eternity for a hacker.

There is just one little problem:

They take the “help” of technology to run automated software until one of the many million combinations of username and password opens your directory.

Best (worst) example?

GitHub’s 2013 brute force victims had their credentials compromised due to an undetected brute force attack. More than 40,000 unique IP addresses were used to keep this prolonged attack undetected.

According to the entire Annual Threat Report 2017, brute force attacks have increased 400% in 2017.

Protect your WordPress from brute force attacks

Let’s start fortifying your WordPress website right now:

  1. Are you regularly backing up your website data? UpDraftPlus is the best plugin for backups. internal linking
  2. Have you used any WordPress plugin to engulf your servers with a firewall? Even if you have multiple backups, persistent login attempts from various sources can increase your loading time and decrease SEO rankings.
  3. Install a DNS level security. Cloudflare is a good choice because all the to and fro communications happen through Cloudflare and any suspicious login attempts get easily stopped.
  4. Keep all your plugins and themes up to date. Attackers love attacking old-loopholes left open (if you don’t update). Most of the WordPress plugins are open source. Imagine how quickly your site can be hacked.
  5. Add 2-factor authentication. Just like Google recommends using 2-factor verification for opening your Gmail, I recommend you to do the same for WordPress. The chances of the hacker having access to both your phone and WordPress are extremely low, so it’s a good way to prevent unauthorized logins.
  6. Add a reCAPTCHA in every single page where your customer has to either login or submit for contact forms, comments section, anything. Adding little puzzles or matching quizzes help deterring the automated hacking software from attacking.
  7. Finally, the best way to prevent brute force attacks is to have a unique, strong password. This goes without saying. Never use names or numbers only and commonly identifiable words.

And do not just depend on only one of the above-mentioned strategies. Implement at least two of the easiest methods recommended above, and you can rest in peace. And add your third security measure, you know, just in case.

If you find any difficulty while following these steps, please feel free to contact us.

In case your WordPress account has already been hacked by brute force attacks (or any malware removal), raise a support ticket RIGHT NOW and let our seasoned programmers handle this for you, at just $10/hr!

Was this helpful?