The WordPress Codex states that the success of a brute force attack depends entirely on the complexity of the user name and password a user chooses. Setting up an easy user name and password actually facilitates a brute force attack. You are in a very delicate situation if your user name is Admin and your password is “admin123”.
You must never use the admin user name, as the majority of brute force attacks are based on the assumption that the username is admin, which is also true in a striking number of cases. Earlier versions of WordPress came with this default user name. In a brute force attack, several thousands of combinations of user names and passwords are tried to gain access to a site.
Here is a list of 8 security plugins to prevent brute force attacks on WordPress:
As mentioned above, a brute force attack tries several combinations of usernames and passwords. So it makes perfect sense to restrict the number of login attempts to check brute force attacks. The fewer chances that you give to a password cracker tool, the more secure you become.
This is also the underlying principle of the Limit Login Attempts plugin. It allows a certain number of login attempts from each IP address. After “n” unsuccessful attempts, the user’s IP is blocked. The site admin defines the number of login attempts allowed to users. Any attempt beyond this will blacklist the Internet address concerned. The user is told how many attempts remain.
Every failed attempt is recorded with BruteProtect. When an IP address makes multiple unsuccessful login attempts, BruteProtect logs all these attempts and blocks this IP address across the entire BruteProtect network, including your site.
The USP of this plugin is that it secures your site from potential harm even when your site is not the one currently being targeted. Using BruteProtect adds you to a network that actively monitors and addresses botnet attacks.
Each new site that employs this plugin adds more security to your site.
This plugin provides protection against brute force attacks by restricting the number of login attempts. The IP address used for the unsuccessful logins is blocked and reported.
It allows 5 attempts for logging in. Each unsuccessful attempt is recorded. After 5 consecutive unsuccessful attempts, this plugin blocks any further access to the wp-login.php page for an hour. By restricting the number of login attempts to 5, this plugin safeguards a site against brute force attacks.
Better WP Security plugin combines several healthy practices for enhancing the overall security for a WordPress site. It protects a site against brute force attacks by blocking hosts and users with multiple unsuccessful login attempts.
This plugin works similarly to BruteProtect. If a site using Wordfence Security faces attacks, Wordfence protects it by blocking the attacker. This protection is extended to your site too if you use Wordfence Security. It includes login security to combat brute force attacks.
BulletProof Security is a heavily downloaded WordPress security plugin. It provides security at several levels. BulletProof is fast and easy to configure, and it is optimized for site performance.
A cookie based brute force login prevention feature is used in this plugin. A simple math captcha is added to the login process. You can configure your login page to be different from the default login page – wp-login.php.
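The per-IP lockout rule described above (5 consecutive failed logins, then a one-hour block, with the remaining attempts reported to the user) looks like this in Python. This is an added example, not code from any of the plugins listed; the class and function names and the sample IP addresses are constructed for illustration.

```python
MAX_ATTEMPTS = 5        # failed logins allowed per IP, as in the text
LOCKOUT_SECONDS = 3600  # one-hour block, as in the text

class LoginLimiter:
    """Illustrative per-IP limiter (hypothetical, not any plugin's code)."""

    def __init__(self, max_attempts=MAX_ATTEMPTS, lockout=LOCKOUT_SECONDS):
        self.max_attempts = max_attempts
        self.lockout = lockout
        self.failures = {}       # ip -> consecutive failed attempts
        self.blocked_until = {}  # ip -> time at which the block ends

    def is_blocked(self, ip, now):
        until = self.blocked_until.get(ip)
        if until is None:
            return False
        if now >= until:
            # Block has expired: clear state so the IP starts from zero.
            del self.blocked_until[ip]
            self.failures.pop(ip, None)
            return False
        return True

    def attempt(self, ip, password_ok, now):
        """Return (status, attempts_remaining) for one login attempt."""
        if self.is_blocked(ip, now):
            # Refuse outright; a correct password must not lift the block.
            return "blocked", 0
        if password_ok:
            self.failures.pop(ip, None)  # only consecutive failures count
            return "ok", self.max_attempts
        count = self.failures.get(ip, 0) + 1
        self.failures[ip] = count
        if count >= self.max_attempts:
            self.blocked_until[ip] = now + self.lockout
            return "blocked", 0
        return "failed", self.max_attempts - count

def replay(events):
    """Run constructed (time, ip, password_ok) events through a new limiter."""
    limiter = LoginLimiter()
    return [limiter.attempt(ip, ok, t) for t, ip, ok in events]

# Constructed sample: one address (documentation range) failing repeatedly.
SAMPLE = [(t, "203.0.113.7", False) for t in range(5)] + [
    (60, "203.0.113.7", True),        # right password, but still blocked
    (60, "198.51.100.9", False),      # a different address is unaffected
    (4 + 3600, "203.0.113.7", True),  # block has expired
]
```

When the site sits behind a reverse proxy or CDN, the limiter has to key on the real client address, otherwise every visitor shares one counter.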