2 WordPress Plugins To Protect Your Blog From Brute Force Hacking

IN WordPress

Being a WordPress blogger, it is obvious that you are much concerned about the blog security. We all like to keep our blogs secure against the hackers. WordPress users are lucky enough that there are several security plugins and other template tweaks to safeguard the blog from hacking attempts. One of them is changing the default WordPress username ‘admin‘. If you haven’t done this yet, I strongly recommend to do it by referring here.

Brute force is one of the oldest forms of hacking, where a hacker run a script and attempt to login to your account by trying different combination from dictionary Words. Depending upon the complexity of your password, it may take 1 hour to few days to get access to your account. This is one reason, why I keep asking you to stop using “admin” username and change it to something else. Also, always use a complex password.

You should know that by default WordPress allows unlimited login attempts through the login page. It may encourage the potential hackers to guess your password by the method call BruteForcing.

You need to ensure that your login page is protected from Brute Force attack. Here I’m sharing two plugins (#1 is highly recommended) to protect your login page from Brute Force attack.

Use Jetpack Brute Force protection

I have updated this post to let you know about newest feature addition in Jetpack plugin. Chances are you might be using Jetpack plugin & if yes, you don’t need to use Limit login or any other plugin to protect from Brute force attack. Jetpack have added a new module call Protect.

Jetpack Protect module

If you have Jetpack plugin installed, enable the Protect module, and your WordPress blog will be protected from Brute force attack. The dashboard will also show you the number of blocked malicious login attempts. You also get an option to whitelist specific I.P. from Jetpack > Settings > Protect > Configure

Whitelist Login I.P.

Limit Login to Limit the number of logins tries in WordPress:

Brute Force attack can also be prevented by using Limit Login Attempts plugin. It helps the admin to limit the number of login attempts possible both through normal login as well as using auth cookies.

  • Limit the number of retry attempts when logging in (for each IP)
  • Limit the number of attempts to login using auth cookies in the same way
  • Informs user about remaining retries or lockout time on the login page
  • Optional logging, optional email notification
  • Handles server behind reverse proxy

Screenshots

  • Plugin options page:
    Limit login Attempts PLugin
  • Login error page:
    wordpress Limit Login Attempts login page
  • Email I got after a lockout:
    wordpress Limit Login Attempts email screenshot

[Plugin download page]

If you are getting too many hacking attempts, you can use WordPress Stealth Login plugin. It helps you to create custom URLs for logging in.

Do share other useful WordPress plugins which you use to keep your WordPress blog safe and secure?

Subscribe on Youtube

Click to activate Offer & visit site Discount added automatically
No related entires

Subscribe to SML Newsletter

Receive Blogging Tips & Strategies

Get WordPress Guide eBook for free in the 2nd newsletter

100% privacy. we will never spam you

  • Author Bio

  • Latest Post

Blog post by Shafar

Shafar has written 1 articles.

Follow ShoutMeLoud on Twitter. Subscribe to ShoutMeLoud feed via RSS or EMAIL to receive instant updates.


    Testimonials
    Send Us Inquiry

    Comments

    1. Bill says

      Please note that Limit Login Attempts hasn’t been updated in two years. Looking through the support section for the plugin you will see some problems with admins being locked out and at least one post about it being hacked.

    2. says

      What about using captcha on WP login page? There is a plugin called “Captcha on Login”. Anyone has any experience with this plugin?

      • says

        @Andrej
        Captcha plugin is also useful, but if you have an active site where users need to login every now & then, it can give bad user-experience. I would recommend use Jetpack security module instead. If registration is open on your blog, use Wangguard plugin along with it.

    3. says

      I am using Limit Login Attempts with captcha on login page and it is working good on for me. There are really attempts I can see that are there trying to get through my website. Thanks for letting us know more on security.

    4. Meezan Rahman says

      I have an article site of 13 subscribed author(including myself) and a little bit worried about my sites security as it is a quite new site of mine. Definitely this plug-in will give me a shy of relief.

      Thanks for the nice post.

    5. Shafar says

      Those are very good plugins for blog security. In case of ‘Stealth login’, we just need to give the login URL to the authors if our blog is multi-authored.

    6. Mani Viswanathan says

      I’m using Login LockDown as well as Stealth login. This is an alternative..Also as Harsh had mentioned in his earlier post its important to change default username and to hide the wordpress version to avoid exploits.

    7. Shafar says

      Good to hear that. Hope you too are receiving some lockout emails as shown in the screenshot. :D

    8. Tech Maish says

      Shafar thanks for shairng this plugin. I am using it and is very useful for worpdress bloggers.

    9. Dev says

      Great Plugin,
      I’m currently using login lock down plugin.
      Now going to try this plugin.
      Thanks for sharing !! Good Job.

      ~Dev

      • Shafar says

        ‘Login LockDown’ is a good alternative. If you are not satisfied with it, you can try ‘Limit Login Attempts’. :)
        Regards.

    10. Arijitblog says

      Helpful WordPress plugin for blog safety!! :) No more Hacking of the blog “admin panel”… :)

      Thanks for sharing with us!! :)

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>