Preventing Brute Force Attacks Against WordPress Websites

BruteProtect

BruteProtect is a cloud-powered Brute Force attack prevention plugin and aims to provide the best protection against botnet attacks.

Every WordPress site which has BruteProtect installed will become a part of BruteProtect network. When an IP address is blocked due to malicious activity (such as a some number of failed login attempts) it’s shared among all the sites so that they all can block it before it begins to harm any sites.

You can think of BruteProtect as an advanced version of the above Brute Force Login Protection plugin as it has a bigger list of bad bots therefore probably doing well in the case of a distributed brute force attack.

One feature that the BruteProtect plugin doesn’t have that the Brute Force Login Protection plugin does is a slow down script execution for failed login attempts. However, it doesn’t matter that much, as it takes up memory for the extra time.

The problem using this plugin is that WordPress is loaded on every request for the IP address verification to be done. Therefore, if a brute force attack is done on a large enough scale then the site can still become overwhelmed and fall over.

source: https://www.sitepoint.com/preventing-brute-force-attacks-against-wordpress-websites/

Some more url with some more information: 

1. http://www.inmotionhosting.com/support/edu/wordpress/wp-login-brute-force-attack

2. https://codex.wordpress.org/Brute_Force_Attacks

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How to Secure WordPress Website?

OMG, my Website is Hacked, What to do? In this era, if your website is getting compromised or...