WordPress Brute Force Protection
A brute force attack is a common problem for WordPress site owners. The iThemes Security plugin offers WordPress brute force protection by limiting the number of failed login attempts allowed per user. This means if someone is trying to guess your password, they’ll get locked out after a few tries.
What are WordPress Brute Force Attacks?
Brute force attacks exploit the simplest method of gaining access to a site: by trying to guess usernames and passwords, over and over again, until they’re successful. WordPress sites are susceptible to this form of attack by default because the system allows users unlimited login attempts.
Using a WordPress Security plugin such as iThemes Security provides brute force protection by allowing you to customize login limits. The host user will be banned after the specified bad login threshold has been reached.
iThemes Security uses two different methods of WordPress brute force protection: local and network.
- Local brute force protection looks only at attempts to access your site. Users are banned per the lockout rules specified locally on your WordPress site.
- Network brute force protection takes it a step further by banning users who have tried to break into other sites from also breaking into yours.
How to Activate WordPress Brute Force Protection with iThemes Security
- To activate brute force protection on your WordPress site, you’ll need to download and install the iThemes Security plugin.
- Once you’ve installed an activated the plugin, navigate to the Brute Force Protection section on the Settings tab. In the Go To section, you can select Malware Scanning in the drop-down list.
- In the Brute Force Protection section, click Enable local brute force protection.
- In the same section, you can customize the threshold for max login attempts per host, max login attempts per user, minutes to remember bad login, and whether or not to immediately ban a host that attempts to login using the “admin” username.
- Click Save All Changes.
- We also recommend leveraging the power of the iThemes Brute Force Protection network to ban IPs hitting your site. To activate the iThemes Brute Force Protection network, enter you email address to get your free API key.
Get iThemes Security Pro with 30+ Ways to Protect Your WordPress Site Now
Get the #1 WordPress Security plugin with over 30+ ways to protect your WordPress site including scheduled malware scanning, two-factor authentication, ticketed support and more!
