Prevent Bruteforce Login Attacks on Your WordPress

We recently suffered a brute force login attack on one of my servers, which made some sites unreachable and sent the server load sky-high. After installing a logging script on the server we found that the problem was caused by one installation of WordPress – hackers were using a script to try to guess the password of the admin account. After identifying the problem we were able to prevent this from continuing, but not before some downtime to various websites, resulting in a loss of income for my company.

In this post I’m going to talk you through a few methods to prevent this so the same doesn’t happen to you.

CHANGE ADMIN USERNAME

This is mentioned all the time, but it really is an important step – don’t use “admin” as your admin username; pick something unique for each site. This was the cause of the problem with my site: I had the admin username as admin, so this was the main reason for the attack. Because the hacker knows the username is admin, they are half-way to getting the login details and can use a brute-force script to try many different passwords in combination with the username. If the username is something they don’t know, this type of attack is not really possible.

USING .HTACCESS

If you are using PHP hosting, which most WordPress installations do, you can use a .htpasswd file and .htaccess to prevent anyone from even loading your wp-login.php file unless they know the username and password – this provides an extra layer of security, as there are now two sets of usernames and passwords to get through before reaching your WordPress admin area. This is fairly simple to set up; you will need to know the server path to your website, which will be something like: home/website

First you need to generate an htpasswd entry; you can do that on this site. Enter a username, click “Generate Password”, then click “Generate htpassword content” and save the text from the right-hand box as a file named .htpasswd (with no extension). Upload this to your hosting, outside the public_html directory.

Change “~/.htpasswd” to the location of your .htpasswd file and change “mysecretuser” to the username you chose when creating the htpasswd file.
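An added example (not the original post's code) of an .htaccess that puts this password prompt in front of wp-login.php on Apache 2.4. The path /home/website/.htpasswd and the realm text are assumptions; mysecretuser is the placeholder username named above.

```apache
# .htaccess in the WordPress root (the directory that holds wp-login.php)

# Ask for HTTP Basic credentials before wp-login.php is served at all.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted login"
    # Assumed location: use the absolute server path to your own
    # .htpasswd file, kept outside public_html. Apache does not
    # expand "~" here.
    AuthUserFile /home/website/.htpasswd
    # Only this account from the .htpasswd file is accepted.
    Require user mysecretuser
</Files>

# Never serve .htaccess or .htpasswd files to a browser.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
```

Basic authentication sends the credentials with every request in an easily decoded form, so serve wp-login.php over HTTPS. The .htpasswd entry can also be created on your own machine with Apache's htpasswd tool (htpasswd -B for a bcrypt hash) instead of typing the password into a website.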

LIMIT ACCESS TO YOUR ADMIN AREA BY IP ADDRESS

If you are the only person who needs access to your WordPress admin area and you have a static IP address, you can limit access to yourself only by adding a rule in an .htaccess file within your wp-admin directory. The code to use is:

# Block access to wp-admin.
order deny,allow
allow from x.x.x.x
deny from all

Just change x.x.x.x for your actual IP address, which you can find out here.
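The rule above uses the Apache 2.2 access syntax, which on Apache 2.4 only works while mod_access_compat is loaded. The following added example (not from the original post) shows the same restriction in 2.4 syntax, with an exception for admin-ajax.php, which front-end themes and plugins call from visitors' browsers. 203.0.113.10 is a documentation-range placeholder for your own address.

```apache
# wp-admin/.htaccess (Apache 2.4, mod_authz_core)

# Only the listed address may reach anything under wp-admin.
# Placeholder address: replace with your own static IP.
Require ip 203.0.113.10

# Front-end AJAX requests from ordinary visitors go through this file,
# so it has to stay reachable or parts of the public site stop working.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

If your IP address changes, you will be locked out of wp-admin until the rule is updated over FTP or SSH, so keep that access working before relying on this.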

RECOMMENDED PLUGINS

There are a number of plugins you can use which will further enhance your login security, as follows.

from : http://wplift.com/prevent-bruteforce-login-attacks-wordpress
