{"id":9048,"date":"2020-01-20T12:00:45","date_gmt":"2020-01-20T12:00:45","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=9048"},"modified":"2020-01-23T05:43:41","modified_gmt":"2020-01-23T05:43:41","slug":"how-to-stop-brute-force-attacks-on-wordpress","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/how-to-stop-brute-force-attacks-on-wordpress\/","title":{"rendered":"How to Stop Brute Force Attacks on WordPress?"},"content":{"rendered":"\n

if you want to protect your WordPress site from Brute force attack. Then you should follow the below step. before going to step that can protect our website we are going to discuss what is Brute Force Attack?<\/p>\n\n\n\n

Definition of Brute Force Attack<\/h4>\n\n\n\n

It is a process of hacking that uses trial and error system to compromise a network, a website, or a computer system. To perform these actions, Hackers uses automated software that sends huge number of requests against a specific system.<\/p>\n\n\n\n

Hackers can get your admin access by this process and after that they can install backdoor, malware, steal user information, and delete everything on your site. <\/p>\n\n\n\n

Step 1: WordPress Firewall Plugins<\/h4>\n\n\n\n

you can install a firewall plugin to stop unauthorized login to your WordPress site. With the help of these plugins, you can block their requests to your site. there are some firewall and security plugins links are:<\/p>\n\n\n\n

BulletProof Security<\/a><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Wordfence Security \u2013 Firewall & Malware Scan<\/a><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Jetpack by WordPress.com<\/a><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Step 2: Move WordPress Login Page<\/h4>\n\n\n\n

In this process you should hide your default login area that is:<\/p>\n\n\n\n

  • \/wp-login.php<\/strong><\/li>
  • \/wp-admin.php<\/strong><\/li>
  • \/login<\/strong><\/li>
  • \/admin<\/strong><\/li><\/ul>\n\n\n\n

    for the above process, you can check out many plugins for moving default location to any location but I am suggesting you the move login plugin.<\/p>\n\n\n\n

    \"\"
    Move Login by Gregory Viguier<\/strong><\/em><\/figcaption><\/figure>\n\n\n\n

    after installtion you should go to setting –> move login and change default login to another url (eg. developer-login).<\/p>\n\n\n\n

    Step 3: Install WordPress Updates<\/h4>\n\n\n\n

    you should check your WordPress updates from time to time because of many times Hacker attacks on known vulnerabilities in older versions of WordPress. for this, you should log in to your Admin Dashboard<\/strong> and click on Updates<\/strong> tab.<\/p>\n\n\n\n

    Step 4: Limit WordPress WP-Admin Access To Specific IPs<\/h4>\n\n\n\n

    In this process you should follow below step: <\/p>\n\n\n\n

    • Login to your Cpanel<\/strong><\/li>
    • Click on file manager<\/strong><\/li>
    • go to document root for your site (eg. \/home\/sample\/)<\/li>
    • click on wp-admin<\/strong> folder for change .htaccess<\/strong> file(if a file is not there then create one file name .htaccess)<\/li>
    • copy and below code to .htaccess<\/strong> file<\/li><\/ul>\n\n\n\n