Protect Your WordPress from Brute-Force Attack

zea 27 Agu 2014 2 Menit 0

Advertisements

Brute-force attack is a method that commonly used by crackers to get the username and password from their victims. How this method works is very simple, and fairly easy to understand, but can be very difficult to protect against. Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in.

It will attempt to match the username and password using the specified dictionary which usually consists of a collection of password & username that is often used by users. This technique is widely used in the 90s, but it does not mean that now is no longer effective. There is always a gap which can be utilized to perform this technique.

A study conducted by one of the leading internet security firm, Sucuri, revealing the fact that quite surprising. WordPress got a fairly large percentage against this attack :

 

Brute-Force attack precentage today

Brute-Force attack precentage today

source

So how to protect your WordPress from this attack? Fortunately, there are a few plugins that are able to block this attack. In this article, I will provide a review of some anti-brute-force attack plugins, which is pretty good to protect your website.

Advertisements

1. Stealth Login Page

Wordpress Stealth Plugin

WordPress Stealth Plugin

 

The plugin provides second layers of security to your login page. First, of course your username and password. And second, a secret login authorizaiton code. Those who do not enter this additional authorization will be automatcally redirected to a customizable URL. How to use it is quite simple and easy. You only need to enter a secret authorizaiton code, and you are done.

 

Wordpress Stealth Plugin

WordPress Stealth Plugin

 

Wordpress Stealth Plugin

WordPress Stealth Plugin

 

VISIT

 

 

Advertisements

2. BruteProtect

BruteProtect WordPress Plugin

BruteProtect WordPress Plugin

 

Brute-forcing one by one to the victims is a tedious job. Therefore, most crackers use a tool what is called Botnet, to make their work easier. Botnets will perform brute-force attacks automatically to many targets at once. Fortunately, now there are some plugins that are connected globally to counter this botnet attack, and one of the best is BruteProtect. BruteProtect is a cloud-powered Brute Force attack prevention plugin for WordPress.

 

BruteProtect WordPress Plugin

BruteProtect WordPress Plugin Settings

 

BruteProtect WordPress Plugin

BruteProtect WordPress Plugin

 

VISIT

 

 

3. iThemes Security

iThemes Security WordPress Plugin

iThemes Security WordPress Plugin

 

If you feel the plugins above are still not enough and you need a more powerful level of security, then you can use iTheme Security. This plugin is extremely powerful. Novice users will simply overwhelmed in using it. But if you feel geek enough, then this plugin is for you. This plugin has a dozen options that you can use to strengthen your WordPress security.

It will try to detect the vulnerabilities that may be present in your WordPress instalation, and gives you the option to fix it. One of very useful feature of this plugin is to limit the number of unsuccessful login attempt (Brute-Force attack).

 

iThemes Security WordPress Plugin

iThemes Security WordPress Plugin

 

VISIT

Advertisements

Advertisements

Security Best Practices?

like the old saying goes, “Prevention is better than a cure”. Understand and implement security best practices are things that are absolutely necessary, in order to maintain the security of your website. Use strong password, never entrust your password to anyone and anything and always perform periodic backups are a must.

Last Updated on Mei 18, 2016 by Udhi Sapto Vilanata

Bagikan ke:
zea
Ditulis oleh

zea

Web Developer, Technical Writter and WordPress enthusiast, currently working at well-known Yogyakarta based startup company, called Tonjoo Corp. See my Github for project portfolio.

Advertisements

Leave a Reply

Alamat email Anda tidak akan dipublikasikan.

Situs ini menggunakan Akismet untuk mengurangi spam. Pelajari bagaimana data komentar Anda diproses.