How to Stop Brute Force Attacks on WordPress?

if you want to protect your WordPress site from Brute force attack. Then you should follow the below step. before going to step that can protect our website we are going to discuss what is Brute Force Attack?

Definition of Brute Force Attack

It is a process of hacking that uses trial and error system to compromise a network, a website, or a computer system. To perform these actions, Hackers uses automated software that sends huge number of requests against a specific system.

Hackers can get your admin access by this process and after that they can install backdoor, malware, steal user information, and delete everything on your site.

Step 1: WordPress Firewall Plugins

you can install a firewall plugin to stop unauthorized login to your WordPress site. With the help of these plugins, you can block their requests to your site. there are some firewall and security plugins links are:

BulletProof Security

Wordfence Security – Firewall & Malware Scan

Jetpack by

Step 2: Move WordPress Login Page

In this process you should hide your default login area that is:

  • /wp-login.php
  • /wp-admin.php
  • /login
  • /admin

for the above process, you can check out many plugins for moving default location to any location but I am suggesting you the move login plugin.

Move Login by Gregory Viguier

after installtion you should go to setting –> move login and change default login to another url (eg. developer-login).

Step 3: Install WordPress Updates

you should check your WordPress updates from time to time because of many times Hacker attacks on known vulnerabilities in older versions of WordPress. for this, you should log in to your Admin Dashboard and click on Updates tab.

Step 4: Limit WordPress WP-Admin Access To Specific IPs

In this process you should follow below step:

  • Login to your Cpanel
  • Click on file manager
  • go to document root for your site (eg. /home/sample/)
  • click on wp-admin folder for change .htaccess file(if a file is not there then create one file name .htaccess)
  • copy and below code to .htaccess file
  • change Allow from IP addresses which one is you are using and if you know your constant IP then enter it. (Note: if you want to know your IP address just search “what is my IP address” in google)

we hope this article helped you to protect your WordPress site from Brute Force Attack. if you like this article then follow our blog and comment on us.
for more reference check out this URL: Youtube Video

Chandan Kumar
Follow Me: