Stop Brute Force WordPress Login Attacks

Brute force attacks eat up your server resources, slow your site down and give the hackers a chance to log in to your website. Save your website TODAY!

With WordPress powering over 33% of all website, it has a pretty huge target on its back.

Hackers love to target the platform looking for site owners who haven’t secured their website properly.

Easy to guess username and password combinations are still one of the biggest vulnerabilities that hackers use to get into your website.

Hackers can take control of thousands of infected computers, called a bot-net, to target websites by guessing multiple usernames and password combinations.

This is called a brute force attack and it happens more often than you would think.

An efficient way of stopping these brute force login attacks is to identify and block the IP address of the attacking computer.

My favourite WordPress firewall is Wordfence and I would recommend that everyone install it. It comes with a feature to stop brute force attacks.

You may not want to install a fully-fledged firewall plugin, or you may find that it has a conflict with existing plugins on your site.

In that case, a single plugin is an ideal candidate and I would recommend Limit Login Attempts Reloaded.

The plugin is simple but effective, banning the IP addresses of machines that produce a login error multiple times over a short period of time.

IP addresses are obfuscated in the DB to comply with GDPR.

Limit Login Attempts Reloaded Settings Page

The settings allow you to control the number of login attempts, the lockout time as well as setting IPs to whitelist and blacklist.

There is a simple table log to view and unlock banned IP addresses if needed.

Resource Saver

Obviously having hackers logging into your website is very bad, however, all the script bots attempting to guess your password uses up server resources and ultimately will slow your website down.

Banning their IP address will help to decrease the load on your server as ultimately the script bots will switch to attacking another server.

WordPress Site Care

Stopping brute force login attacks is one of the many features our WP Wingman WordPress Site Care packages offer to save you time that you can focus on running your business.

Posted in


Wil is a dad, consultant, developer, conference organiser, speaker and business mentor. He co-organizes the WordPress Sydney meetup group and has been on the organising committee for WordCamp Sydney since 2014. He speaks at many special events and contributes to the WordPress open source project. His likes are chillies, craft beer and electrogravitics.
Scroll to Top