Recently I was surprised to learn about some of the excellent features in BackTrack 5, and brute force attacks were one of the most impressive techniques used in it. Features (you could rather call them commands) such as WPScan allow an attacker to get a set of usernames used on a WordPress site; once they have those usernames, they start trying brute force attacks on your site.
Damn, What Are Brute Force Attacks?
When my pal told me about these things, the first thing I asked was “What the hell are Brute Force Attacks?” Then he started to explain. In general, brute force attacks mean trying out (guessing) various dictionary words, number series, word combinations, etc. to get your password right. It's more like trying out various keys until you find the right one to get access to a locked door.
What Does It Do To My WordPress Site?
Of course, you all know that the hacker gets access to your dashboard (now he also has your password), so he can take down your site or post anything he wants. Well, that’s not it! While the hacker tries the brute force attacks, it affects the performance of your website. It increases the load on the server (I may not be exact, but that’s what actually happens..) and the server might crash or your website may suffer some downtime.
How Can I Protect My WordPress Site From Brute Force Attacks?
It was easy for me to secure Le Geeks from brute force attacks 😀 I even got notified when he did it! 🙂 It's really simple. You just have to limit the number of “Sign In” attempts and follow some tips. Let's start securing our site!
WordPress Brute Force Protection Using Limit Login Attempts-
As the name says, it limits the number of login attempts, which keeps the hacker from trying again and again. Brute force attacking is more like guesswork, so it takes a lot of attempts to get it right; limiting the number of attempts won’t give the hacker the chance to get it right!
You don’t have to worry about the settings; they are really simple and don't involve any coding. Just install the plugin and activate it, then go to Settings and then to “Limit Login Attempts”. You just have to fill out the values, and you can even whitelist your IP address so that the login limit does not apply to it. That means a user from your IP address can try to access your site as before without any limitations. I wouldn’t recommend it, but it might come in handy when you forget your own password. You can get the plugin here: Download Limit Login Attempts
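The attempt-limiting behaviour described above, modelled in Python as an added example (this is not the plugin's own code). The class name, the thresholds and the sample IP addresses are assumptions chosen for illustration; the second run in the test shows why whitelisting an address removes the protection for it.

```python
from collections import defaultdict

class LoginLimiter:
    """Lock out an IP after too many failed logins inside a time window."""

    def __init__(self, max_retries=4, window=3600, lockout=1200, allowlist=()):
        self.max_retries = max_retries     # failures allowed before a lockout (assumed value)
        self.window = window               # seconds over which failures are counted
        self.lockout = lockout             # seconds a lockout lasts
        self.allowlist = set(allowlist)    # IPs exempt from limiting
        self.failures = defaultdict(list)  # ip -> timestamps of recent failures
        self.locked_until = {}             # ip -> time at which the lockout ends
        self.notices = []                  # stand-in for the notification e-mail

    def attempt(self, ip, ok, now):
        """Record one login attempt; return 'ok', 'failed', 'locked' or 'blocked'."""
        if ip in self.allowlist:
            return "ok" if ok else "failed"   # never counted, never locked out
        if self.locked_until.get(ip, 0) > now:
            return "blocked"                  # rejected before any password check
        if ok:
            self.failures.pop(ip, None)       # a good login resets the counter
            return "ok"
        recent = [t for t in self.failures[ip] if now - t < self.window]
        recent.append(now)
        self.failures[ip] = recent
        if len(recent) >= self.max_retries:
            self.locked_until[ip] = now + self.lockout
            self.failures.pop(ip, None)
            self.notices.append((ip, now))    # the site owner would be notified here
            return "locked"
        return "failed"


def replay(events, **settings):
    """Run constructed (time, ip, success) events through a fresh limiter."""
    limiter = LoginLimiter(**settings)
    return [limiter.attempt(ip, ok, t) for t, ip, ok in events], limiter


# Constructed sample: one address guessing every 2 seconds, returning after
# the lockout has expired, plus one normal login from another address.
EVENTS = [(t, "203.0.113.9", False) for t in range(0, 12, 2)]
EVENTS += [(1300, "203.0.113.9", False), (1301, "198.51.100.7", True)]

if __name__ == "__main__":
    results, limiter = replay(EVENTS)
    print(results, limiter.notices)
```
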
Some Extra Tips To Secure Your WordPress Site Against Brute Force Attacks-
- Delete the “admin” username on your blog; the hacker tries to use that username to get the password.
- Use capitals, symbols, spaces and numbers in your password.
- Stay away from a series such as “abcd…” or “12345….”; the attacking script tries these series first.
- Try not to use dictionary words; replace letters such as “A” with “@”.
Make Sure You’ve Secured Your WordPress Site-
It was just a short informative post. I recommend you do it even if you are sure that nobody is gonna hack your site; you never know what's gonna hit you. Share this article so that your friends can secure their sites. If you have any problems with setting up the plugin, just comment here, we’ll help you out, and remember to leave your opinions in the comments 😀 . We will be back with many more WordPress articles. Stay tuned 🙂 .