How to Prevent Brute-Force Login Attacks on Your WordPress Blog?


Has your site ever become unreachable at times, or taken a long time to load? There can be a number of reasons for this, but one of the main ones is a brute-force login attack on your WordPress blog. A few hackers may have tried to guess your password, which may have led you to this situation.

If you are facing a similar situation, it may be a brute-force attack, and there are a number of things you can do to prevent it from happening.

Changing the Admin Username

A very common mistake is keeping the admin username as ‘admin’. It may look professional and be easy to remember, but it is one of the most common reasons a WordPress blog gets hit by brute-force login attacks. Hackers already know the admin name, so the only thing they need to do is crack your password. The best approach is to choose an admin name that is unique but that you can still remember even if you log in after many days.



Most WordPress blog owners use PHP hosting, and it has become quite easy for hackers to crack the passwords of WordPress blogs. What you can do is use a .htpasswd file along with a .htaccess file. This prevents any outside person from reaching even your wp-login.php file unless they know the name and password. Setting up the .htpasswd file is quite easy if you know the server path of your WordPress blog.
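The rules described above, as an added example that is not part of the original post. It goes in the .htaccess file in the WordPress root directory; the AuthUserFile path and the realm name are placeholders to replace with your own.

```apache
# .htaccess in the WordPress root directory (added example)

# Ask for an HTTP Basic username/password before wp-login.php is served,
# so password guesses never reach the WordPress login form itself.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted login"
    # Placeholder: the absolute server path to your password file.
    # Keep the file outside the web root so it cannot be downloaded.
    # Create it with:  htpasswd -c /path/outside/webroot/.htpasswd <username>
    AuthUserFile /path/outside/webroot/.htpasswd
    Require valid-user
</Files>

# Never serve .htaccess / .htpasswd files to visitors.
<FilesMatch "^\.ht">
    <IfModule mod_authz_core.c>
        # Apache 2.4
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>
```

Basic authentication sends the username and password only base64-encoded, so use it on a site served over HTTPS, and pick a password different from the WordPress one.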

Limiting the Access to the Admin Area

If you are the sole owner of your WordPress blog and no one else needs to access it, it is very important to limit access to yourself only. This can be done if you have a static IP address. Access is limited by editing the .htaccess file in your wp-admin directory. The code to use is something like ‘allow from x.x.x.x’, where ‘x.x.x.x’ is replaced with your actual IP address.

Plugins for security

There are a number of plugins that are recommended for securing your WordPress blog. Four such plugins are described here.

1. Limit Login Attempts

This is a free plugin used by a number of website owners to secure their sites. You set a number, for example 3. Then, when someone tries to crack your password, the site gets blocked after 3 wrong attempts. You can also set up email notification, so that you get a notification in your email when your site gets blocked by someone like this.

2. Rublon


Rublon is another free plugin that is worth using. It has ‘two-factor authentication’ that keeps your WordPress blog secure from any kind of brute-force login attempt. With this plugin, you can set a number of devices from which you will access your website. If someone tries to log in to your site from any other device, it asks for a PIN that is sent either to your email or to your phone, without which the person cannot log in. It allows access to the site only from the devices that you have set up in the ‘trusted list’.

3. Rename WP-LOGIN.PHP

If you want a very light plugin, you can use this one. It lets you change the WP-LOGIN.PHP address of your site. It does not change the .php file completely but renames it to a certain extent, so that the original one becomes inaccessible. You may forget the new URL, so it is better to bookmark it or save it somewhere. If you want the original URL back, simply deactivate the plugin.

4. All In One WP Security & Firewall

The plugins mentioned above are quite useful for securing your WordPress blog against brute-force login attacks, but if you want a complete security package, you can get this one. It has a number of features that help you keep your site secure from such attacks.

  • Provides security to user accounts
  • Provides security to user login
  • Provides security to user registration
  • Provides security for the database
  • Restores and offers backup for wp-config.php and .htaccess
  • Offers blacklist and firewall functions
  • Offers prevention against brute-force login attempts
  • Features a security scanner and whois lookup
  • Also offers protection against copy of front-end text and offers SPAM security

If your WordPress blog is growing well, there is a high chance of hackers attacking it. So, before you notice any abnormal symptoms on your site, you should take preventive actions, such as renaming your admin username and the others described here, to keep your site secure from brute-force login attacks. Apart from these methods, another great way to secure your site is to use plugins. There are a number of plugins available that can help you secure your WordPress blog against brute-force login attacks. Have a look at their features and get one for your WordPress site to keep it safe and secure.
