How to Protect WordPress From Recent Brute Force Attacks


Now it is confirmed that hackers are targeting WordPress based websites. A recent botnet has been found that is used for brute force attacks on WordPress and Joomla websites. This botnet contains more than 90,000 different IP address so it is hard to protect WordPress website only by blocking login attempts.

Protect wordpress website from hackers

If you are a WordPress user, you need to worry about that. In this post, I am listing few ways to protect your WordPress based website from Brute Fore attacks.

How to Protect WordPress From Brute Force Attacks

Stop Using username “admin”

This is the most common mistake WordPress users do. They use common users name such as admin, administrator, root or website name. Website having these usernames are most likely to be hacked. If you are using username as admin, change it now. Read earlier post explaining how to change username of WordPress website.

Use Strong Password

This is another common mistake generally users do. Never use a weak, short and easy to guess password.A strong password contains characters in upper case, lowercase, numbers and special characters. Password length must also be more than 10 characters. In Brute force attack, attackers try all common passwords. So, have an easy to guess password.

Limit Login attempts

You should also limit number of login attempts. If a person enters wrong password by these number of times, he will not be able to use login form any more. Although, this is an important step we can take to protect from brute force attack. But the recent attacks are using more than 90,000 different IP addresses. So, this protection may fail. Still, you can use this. You can use limit login attempts WordPress plugin.

Also read: How to backup WordPress

Password Protect WP-Admin

This is also a nice way you can use to prevent hackers from your website. For this, you can either use .htpasswds file method, or cpanel. If you want to use .htpasswds method, try this generator. If you are planning to do it with cpanel, login in cpanel and see security section.

Password protect directory

Use Some popular security plugins

There are some nice WordPress security plugins available that can help you in making your WordPress secure. These plugins are Wordfence Security, BulletProof Security and Better WP Security. These plugins protect WordPress from different kind of vulnerabilities and attacks.

Backup your Website

At last, keep the backup of your website. Although we have added many things to protect WordPress, but there is a possibility to hack your website. In case your website has been hacked, you can restore your website from backup. Read an older post explaining how to backup WordPress websites.

We cannot say why attackers are performing these attacks and what is the end of it. But it is never too late. You should try everything you can do to prevent hackers from hacking your WordPress. Try all steps mentioned above to protect WordPress website.


Deepanker Verma is the founder of Techlomedia. He is a tech blogger, developer and gadget freak.

Similar Articles


Leave a comment

Comment policy: We love comments and appreciate the time that readers spend to share ideas and give feedback. However, all comments are manually moderated and those deemed to be spam or solely promotional will be deleted.

2020 UseThisTip | Part of Techlomedia Internet Pvt Ltd Developed By Deepanker