Brute-force attack is a method that commonly used by crackers to get the username and password from their victims. How this method works is very simple, and fairly easy to understand, but can be very difficult to protect against. Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in.
It will attempt to match the username and password using the specified dictionary which usually consists of a collection of password & username that is often used by users. This technique is widely used in the 90s, but it does not mean that now is no longer effective. There is always a gap which can be utilized to perform this technique.
A study conducted by one of the leading internet security firm, Sucuri, revealing the fact that quite surprising. WordPress got a fairly large percentage against this attack :
So how to protect your WordPress from this attack? Fortunately, there are a few plugins that are able to block this attack. In this article, I will provide a review of some anti-brute-force attack plugins, which is pretty good to protect your website.
1. Stealth Login Page
The plugin provides second layers of security to your login page. First, of course your username and password. And second, a secret login authorizaiton code. Those who do not enter this additional authorization will be automatcally redirected to a customizable URL. How to use it is quite simple and easy. You only need to enter a secret authorizaiton code, and you are done.
Brute-forcing one by one to the victims is a tedious job. Therefore, most crackers use a tool what is called Botnet, to make their work easier. Botnets will perform brute-force attacks automatically to many targets at once. Fortunately, now there are some plugins that are connected globally to counter this botnet attack, and one of the best is BruteProtect. BruteProtect is a cloud-powered Brute Force attack prevention plugin for WordPress.
3. iThemes Security
If you feel the plugins above are still not enough and you need a more powerful level of security, then you can use iTheme Security. This plugin is extremely powerful. Novice users will simply overwhelmed in using it. But if you feel geek enough, then this plugin is for you. This plugin has a dozen options that you can use to strengthen your WordPress security.
It will try to detect the vulnerabilities that may be present in your WordPress instalation, and gives you the option to fix it. One of very useful feature of this plugin is to limit the number of unsuccessful login attempt (Brute-Force attack).
Security Best Practices?
like the old saying goes, “Prevention is better than a cure”. Understand and implement security best practices are things that are absolutely necessary, in order to maintain the security of your website. Use strong password, never entrust your password to anyone and anything and always perform periodic backups are a must.