Protect a WordPress blog from brute force attacks

Written by Tushar. Posted in Blogging

WordPress is a very popular blogging platform, and it is also prone to brute force attacks. Blog administrators sometimes focus more on SEO and other optimizations and forget about security. These security lapses expose the blog to hackers.

Every blog administrator should give high priority to WordPress security by following the security guidelines.


What is a brute force attack?

A brute force attack is an attempt to guess the username and password by trying combinations repeatedly. Unfortunately, most WordPress users leave their username set to the default “admin,” which leaves the attacker only the password to guess.

Protecting a WordPress blog from brute force attacks

  1. First of all, create a username other than the default “admin.” To do that, go to Users and then Add New, and make sure to select Administrator as the Role from the drop-down box below. After these steps, log in with the new username and then delete the default username “admin.” Before deleting the old username, be sure to assign all of its posts to the new one.
  2. WordPress has a huge repository of plugins, so use a security plugin to counter brute force attacks.
  3. Set a strong password, which must be a combination of letters (both upper and lower case), numbers and special characters (#, *, &, $, etc.).

Plugins to counter brute force attacks

  • Limit Login Attempts: This plugin blocks a user after he/she enters wrong details more than once or twice.


  • Google Authenticator: This plugin provides two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry.


  • Wordfence: It is a free plugin with enterprise-level security. It has a firewall, anti-virus scanning and malicious URL scanning.



Following the above steps will ensure maximum security against brute force attacks. But the worst can always happen, so take regular backups of your WordPress blog. If the worst does happen, you can always restore the previous state from your backups.


