{"id":19868,"date":"2021-02-03T00:25:45","date_gmt":"2021-02-02T18:55:45","guid":{"rendered":"https:\/\/valeurbit.com\/blog\/?p=19868"},"modified":"2021-02-12T18:16:09","modified_gmt":"2021-02-12T12:46:09","slug":"how-to-protect-your-wordpress-site-from-brute-force-and-other-types-of-attacks","status":"publish","type":"post","link":"https:\/\/valeurbit.com\/blog\/how-to-protect-your-wordpress-site-from-brute-force-and-other-types-of-attacks\/","title":{"rendered":"How To Protect your WordPress Site From BruteForce And Other Types Of Attacks?"},"content":{"rendered":"\n<p>Brute force attacks can crash your website and disrupt your online business if the necessary prevention tools are missing.<\/p>\n\n\n\n<p>A brute force attack can be carried out by either humans or bots that constantly try to log in to your WordPress site with guessed credentials.<\/p>\n\n\n\n<p>It gets worse when the login page is not secure; some research has observed thousands of wp-login.php login attempts per minute.<\/p>\n\n\n\n<p>Let&#8217;s take a look at the SUCURI chart.<\/p>\n\n\n\n<p>Over 1 million attacks per hour!<\/p>\n\n\n\n<p>There are several ways to prevent brute force attacks. Here are some that you can follow.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. 
Hide WordPress login<\/h2>\n\n\n\n<p>One of the first things you should consider after setting up your website is to hide the login area.<\/p>\n\n\n\n<p>By default, the WordPress login page is available as:<\/p>\n\n\n\n<ul><li>\/wp-login.php<\/li><li>\/login<\/li><li>\/wp-admin<\/li><li>\/admin<\/li><\/ul>\n\n\n\n<p>So, if the bad guys know you are using WordPress and the login area is not hidden, they can easily reach the login page and prepare a brute-force attack.<\/p>\n\n\n\n<p>Let&#8217;s hide the WordPress login area with the following plugins. You can use any of them.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">WPS Hide Login<\/h3>\n\n\n\n<p><a href=\"https:\/\/wordpress.org\/plugins\/wps-hide-login\/\" target=\"_blank\" rel=\"noreferrer noopener\">WPS Hide Login<\/a> is a lightweight plugin with over 600,000 active installations. This plugin lets you change your login URL to anything you like.<\/p>\n\n\n\n<p>After changing the login URL, anyone who tries to access <strong>\/wp-admin, \/wp-login.php, \/login or \/admin<\/strong> gets a 404 error page.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">iThemes Security<\/h3>\n\n\n\n<p>This premium plugin offers comprehensive WP security protection.<\/p>\n\n\n\n<p>The <a href=\"https:\/\/ithemes.com\/security\/\" target=\"_blank\" rel=\"noreferrer noopener\">iThemes<\/a> plugin provides a set of security tools. Some of the features include:<\/p>\n\n\n\n<ul><li>Brute force protection<\/li><li>Block suspicious users<\/li><li>Hide login<\/li><li>Two-factor authentication<\/li><li>Malware scan<\/li><li>Database backup<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Malcare<\/h3>\n\n\n\n<p><a href=\"https:\/\/www.malcare.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Malcare<\/a> is a versatile WordPress protection plugin. It offers 24\/7 login protection and protects against malicious traffic.<\/p>\n\n\n\n<p>Malcare offers features such as malware 
scanning, malware removal, smart web firewall, one-click amplification, and more. You can get started for as little as $99 per year. It is worth the investment to keep your online business safe.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">2. Implement two-factor authentication<\/h2>\n\n\n\n<p>Two-factor authentication adds an extra layer of security to your WordPress website. Along with your credentials, you also need to provide a one-time password (OTP).<\/p>\n\n\n\n<p>This is achievable with the following plugins.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Two-factor<\/h3>\n\n\n\n<p>This fantastic, lightweight <a href=\"https:\/\/wordpress.org\/plugins\/two-factor\/\" target=\"_blank\" rel=\"noreferrer noopener\">plugin<\/a> allows you to implement two-factor authentication for admins, members, etc.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/itgap.ru\/static\/uploads\/posts\/2020\/05\/07\/fd6895dbbc40f0531f7dbbf098ba2be1.png\" alt=\"Two-factor\"\/><\/figure>\n\n\n\n<p>You can set up email-based authentication, Google Authenticator and U2F.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Google Authenticator<\/h3>\n\n\n\n<p>As the name suggests, you can use this <a href=\"https:\/\/wordpress.org\/plugins\/google-authenticator\/\" target=\"_blank\" rel=\"noreferrer noopener\">plugin<\/a> to log in with Google Authenticator.<\/p>\n\n\n\n<p>After you enable the plugin and set up authentication, you should see the above screen when logging into your WP admin.<\/p>\n\n\n\n<p>The above methods are plugin-based, but you might also want to consider using a cloud security provider&#8217;s protection.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">3. 
Cloud security<\/h2>\n\n\n\n<p>Why Cloud Security?<\/p>\n\n\n\n<p>Using a plugin to secure your site means that all traffic, including bad traffic, still reaches your WordPress server. Imagine you are getting a lot of useless traffic.<\/p>\n\n\n\n<p>With cloud protection, your WordPress server only receives legitimate traffic. All bots, spam and suspicious requests are stopped in the security provider&#8217;s network.<\/p>\n\n\n\n<p>Sounds good, right?<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Cloudflare<\/h3>\n\n\n\n<p>Cloudflare is one of the popular CDN and security providers. <a href=\"https:\/\/www.cloudflare.com\/waf\/\" target=\"_blank\" rel=\"noreferrer noopener\">Cloudflare WAF<\/a> is included in the PRO plan, which costs $20 per month.<\/p>\n\n\n\n<p>You get all the standard protections against DDoS, the OWASP Top 10 vulnerabilities, spam, bad bots, brute force, etc.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">SUCURI<\/h3>\n\n\n\n<p><a href=\"https:\/\/sucuri.net\/website-firewall\/\" target=\"_blank\" rel=\"noreferrer noopener\">SUCURI<\/a> specializes in antivirus and firewall software. They help you stop hacking attempts and DDoS attacks, clean up hacked sites and keep your site completely secure, including protection against brute force attacks.<\/p>\n\n\n\n<p>SUCURI&#8217;s WordPress security is probably the only thing you need to protect your site from brute force attacks and many other threats. The advantage of SUCURI is that it supports many other platforms like Joomla, Drupal, Magento and PHP, so if you change your website technology in the future, you don&#8217;t need to spend more on security.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>Securing your site is very important, and if you want to mitigate brute force attacks, one of the above plugins will do the job. However, if you&#8217;re seriously looking for a complete security solution, go for cloud protection. It&#8217;s worth 
it!<\/p>\n\n\n\n<p>Stay Safe!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Brute force attacks can crash your website and disrupt your online business if the necessary prevention tools are missing. A brute force attack can be carried out with either humans or bots, constantly trying to log in with guessed credentials on your WordPress site. It gets worse when the login page is not secure and&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v16.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How To Protect your Wordpress Site From BruteForce And Other Types Of Attacks? | ValeurBit Infosec<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/valeurbit.com\/blog\/how-to-protect-your-wordpress-site-from-brute-force-and-other-types-of-attacks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How To Protect your Wordpress Site From BruteForce And Other Types Of Attacks? | ValeurBit Infosec\" \/>\n<meta property=\"og:description\" content=\"Brute force attacks can crash your website and disrupt your online business if the necessary prevention tools are missing. A brute force attack can be carried out with either humans or bots, constantly trying to log in with guessed credentials on your WordPress site. 
It gets worse when the login page is not secure and...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/valeurbit.com\/blog\/how-to-protect-your-wordpress-site-from-brute-force-and-other-types-of-attacks\/\" \/>\n<meta property=\"og:site_name\" content=\"ValeurBit Infosec\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/valeurbitinfo\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-02-02T18:55:45+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-02-12T12:46:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/itgap.ru\/static\/uploads\/posts\/2020\/05\/07\/fd6895dbbc40f0531f7dbbf098ba2be1.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@valeurbit\" \/>\n<meta name=\"twitter:site\" content=\"@valeurbit\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/valeurbit.com\/blog\/#organization\",\"name\":\"Valeurbit Infosec\",\"url\":\"https:\/\/valeurbit.com\/blog\/\",\"sameAs\":[\"https:\/\/www.facebook.com\/valeurbitinfo\/\",\"https:\/\/www.instagram.com\/valeurbit\",\"https:\/\/www.linkedin.com\/company\/valeurbit-infosec\/\",\"https:\/\/twitter.com\/valeurbit\"],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/valeurbit.com\/blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/valeurbit.com\/blog\/wp-content\/uploads\/2021\/02\/Valeurbit-new-logo-center.png\",\"contentUrl\":\"https:\/\/valeurbit.com\/blog\/wp-content\/uploads\/2021\/02\/Valeurbit-new-logo-center.png\",\"width\":1080,\"height\":512,\"caption\":\"Valeurbit 
Infosec\"},\"image\":{\"@id\":\"https:\/\/valeurbit.com\/blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/valeurbit.com\/blog\/#website\",\"url\":\"https:\/\/valeurbit.com\/blog\/\",\"name\":\"ValeurBit Infosec\",\"description\":\"Cyber Security Company\",\"publisher\":{\"@id\":\"https:\/\/valeurbit.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":\"https:\/\/valeurbit.com\/blog\/?s={search_term_string}\",\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/valeurbit.com\/blog\/how-to-protect-your-wordpress-site-from-brute-force-and-other-types-of-attacks\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/itgap.ru\/static\/uploads\/posts\/2020\/05\/07\/fd6895dbbc40f0531f7dbbf098ba2be1.png\",\"contentUrl\":\"https:\/\/itgap.ru\/static\/uploads\/posts\/2020\/05\/07\/fd6895dbbc40f0531f7dbbf098ba2be1.png\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/valeurbit.com\/blog\/how-to-protect-your-wordpress-site-from-brute-force-and-other-types-of-attacks\/#webpage\",\"url\":\"https:\/\/valeurbit.com\/blog\/how-to-protect-your-wordpress-site-from-brute-force-and-other-types-of-attacks\/\",\"name\":\"How To Protect your Wordpress Site From BruteForce And Other Types Of Attacks? 
| ValeurBit Infosec\",\"isPartOf\":{\"@id\":\"https:\/\/valeurbit.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/valeurbit.com\/blog\/how-to-protect-your-wordpress-site-from-brute-force-and-other-types-of-attacks\/#primaryimage\"},\"datePublished\":\"2021-02-02T18:55:45+00:00\",\"dateModified\":\"2021-02-12T12:46:09+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/valeurbit.com\/blog\/how-to-protect-your-wordpress-site-from-brute-force-and-other-types-of-attacks\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/valeurbit.com\/blog\/how-to-protect-your-wordpress-site-from-brute-force-and-other-types-of-attacks\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/valeurbit.com\/blog\/how-to-protect-your-wordpress-site-from-brute-force-and-other-types-of-attacks\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/valeurbit.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How To Protect your WordPress Site From BruteForce And Other Types Of Attacks?\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/valeurbit.com\/blog\/how-to-protect-your-wordpress-site-from-brute-force-and-other-types-of-attacks\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/valeurbit.com\/blog\/how-to-protect-your-wordpress-site-from-brute-force-and-other-types-of-attacks\/#webpage\"},\"author\":{\"@id\":\"https:\/\/valeurbit.com\/blog\/#\/schema\/person\/df20c1cd317765fa8677a3056caeccfa\"},\"headline\":\"How To Protect your WordPress Site From BruteForce And Other Types Of 
Attacks?\",\"datePublished\":\"2021-02-02T18:55:45+00:00\",\"dateModified\":\"2021-02-12T12:46:09+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/valeurbit.com\/blog\/how-to-protect-your-wordpress-site-from-brute-force-and-other-types-of-attacks\/#webpage\"},\"wordCount\":702,\"publisher\":{\"@id\":\"https:\/\/valeurbit.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/valeurbit.com\/blog\/how-to-protect-your-wordpress-site-from-brute-force-and-other-types-of-attacks\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/itgap.ru\/static\/uploads\/posts\/2020\/05\/07\/fd6895dbbc40f0531f7dbbf098ba2be1.png\",\"articleSection\":[\"Valeurbit\"],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/valeurbit.com\/blog\/#\/schema\/person\/df20c1cd317765fa8677a3056caeccfa\",\"name\":\"ValeurBit\",\"sameAs\":[\"https:\/\/valeurbit.com\/blog\"],\"url\":\"https:\/\/valeurbit.com\/blog\/author\/valeurbit\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/valeurbit.com\/blog\/wp-json\/wp\/v2\/posts\/19868"}],"collection":[{"href":"https:\/\/valeurbit.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/valeurbit.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/valeurbit.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/valeurbit.com\/blog\/wp-json\/wp\/v2\/comments?post=19868"}],"version-history":[{"count":0,"href":"https:\/\/valeurbit.com\/blog\/wp-json\/wp\/v2\/posts\/19868\/revisions"}],"wp:attachment":[{"href":"https:\/\/valeurbit.com\/blog\/wp-json\/wp\/v2\/media?parent=19868"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/valeurbit.com\/blog\/wp-json\/wp\/v2\/categories?post=19868"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/valeurbit.com\/blog\/wp-json\/wp\/v2\/tags?post=19868"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}