Not too long ago, a few of our clients’ WordPress websites were the victims of brute force attacks, which is when a hacker uses software which systematically checks all possible combinations of characters in the password, until they are granted access. Unfortunately, WordPress doesn’t come with any basic defenses to avoid such an attack. I tried a few security plugins that protect your site against brute force attacks – the one stuck out was Limit Login Attempts. It’s extremely easy to use and lightweight and has some key features:
- Configurable – allows you to configure the amount of login attempts allowed before lockout, and lockout durations.
- Log offenders’ IP addresses
- Turn-key setup – the only setup required is to activate the plugin
- It’s free