A new way to combat WordPress Brute Force Attacks just arrived with the new iThemes Brute Force Protection Network. This new brute force protection setting is available in the latest version of iThemes Security — free to download on the WordPress.org Plugin Directory.
Understanding Brute Force Attacks
Unlike hacks that focus on vulnerabilities in software, brute force attacks exploit the simplest method of gaining access to a site: by trying usernames and passwords, over and over again, until it gets in. If one had unlimited time and wanted to try an unlimited number of password combinations to get into your site they eventually would, right?
WordPress sites, by default, are susceptible to this form of attack, because the system allows users unlimited attempts to log in. Enabling login limits will ban the host user from attempting to login again after the specified bad login threshold has been reached.
Network vs Local Brute Force Protection
iThemes Security includes two methods of brute force protection: local and network.
- Local brute force protection looks only at attempts to access your site and bans users per the lockout rules specified locally.
- Network brute force protection takes this a step further by banning users who have tried to break into other sites from breaking into yours.
Introducing the iThemes Brute Force Protection Network
By enabling this new setting in iThemes Security, the iThemes Brute Force Protection Network will automatically report the IP addresses of failed login attempts to iThemes and will block them for a length of time necessary to protect your site based on the number of other sites that have seen a similar attack.
The main benefit of this approach to brute force attack protection is the potential for millions of sites united against malicious IPs that are attacking WordPress sites everywhere.
How to Enable the iThemes Brute Force Protection Network
2. Click the Get API Key button.
You’ll be taken to the Brute Force Protection section in the plugins’ Settings Page. (You can also get here by using the drop-down navigation at the top of this screen).
3. Enter your email address to get your API key. Your API key will immediately be emailed to you.
We also recommend opting into our WordPress Security newsletter. We’ll keep you informed on the latest news and updates in WordPress security.
4. Click Save All Changes.
5. Check your inbox for your confirmation email with your API key. iThemes Security will automatically send you an email containing your iThemes Brute Force Protection Network API key.
6. All done! You’ve protected your site with the iThemes Brute Force Protection Network. Your API key will be automatically applied for you, so no further action is required.
Get iThemes Security Pro with 30+ Ways to Protect Your WordPress Site Now
Get the #1 WordPress Security plugin with over 30+ ways to protect your WordPress site including scheduled malware scanning, two-factor authentication, ticketed support and more!
Kristen has been writing tutorials to help WordPress users since 2011. As marketing director here at iThemes, she’s dedicated to helping you find the best ways to build, manage, and maintain effective WordPress websites. Kristen also enjoys journaling (check out her side project, The Transformation Year!), hiking and camping, step aerobics, cooking, and daily adventures with her family, hoping to live a more present life.