WordPress is one of the most popular CMSs (content management systems) for developing websites and blogging. It is popular not only among bloggers and developers; hackers and crackers also have their eye on it. Attackers use many website attacks, such as SQL injection, XSS, LFI, RFI, DOM-based XSS and cookie-based SQL injection, but dictionary and brute-force attacks are common among them. Before discussing the solution to this problem, that is, securing the WordPress login, I am going to explain dictionary and brute-force attacks so that the rest is clearer.
The following are the attacks by which an attacker can crack a WordPress login.
A dictionary attack is a method of cracking a password in which the attacker uses dictionary words to crack or bypass the credentials. It can be done through specific tools or online scripts.
A brute-force attack is a technique in which the attacker uses combinations of random passwords to bypass login authentication. This method is the one most commonly used by attackers for cracking passwords.
From the definitions above it is clear that if we allow unlimited login attempts, the chances of our login panel being hacked increase, so first of all we must set an account lockout policy for the login panel.
How to secure the WordPress login from these attacks?
Of course, you can secure your WordPress login panel from all of these attacks through plugins. Here I am going to discuss the BulletProof Security plugin, which is able to secure your WordPress login against login attacks. The BulletProof Security plugin recently added a new feature, Login Security, with which you can set an account lockout policy and avoid brute forcing.
So let’s follow the steps and secure your WordPress login from being hacked.
Download the plugin BulletProof Security from here.
Install it into your WordPress panel.
Activate it and go ahead.
Open the Login Security dashboard from the BulletProof Security plugin as shown below.
Then set the maximum login attempts as a number. The number should not be large; it must be under 5 so that an attacker won’t be able to apply a brute-force attack. The picture below shows that an individual can try only 3 times; after that he will be unable to log in until the lockout period expires.
After that, set the automatic and manual lockout times in minutes; the more minutes you set, the better you are able to protect your website. If you are not willing to watch over your website regularly, you can track anonymous login activity through email alerts. All of these features are available in the BulletProof Security plugin.
Then save the settings. Your WordPress login is now secure from the attacks mentioned above.
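The effect of the two settings above (maximum login attempts and lockout time in minutes) can be modelled in a few lines of Python. This is an added example, not code from the BulletProof Security plugin; the class and function names and the client sending 10 wrong passwords per minute are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class LockoutPolicy:
    """Hypothetical model of an account lockout policy (not the plugin's code)."""
    max_attempts: int = 3       # failed logins allowed before the account locks
    lockout_minutes: int = 60   # how long the account then stays locked
    failures: dict = field(default_factory=dict, init=False)      # user -> failed count
    locked_until: dict = field(default_factory=dict, init=False)  # user -> unlock minute

    def attempt(self, user: str, password_ok: bool, now: int) -> str:
        """Handle one login at minute `now`; return 'ok', 'failed' or 'locked'."""
        if now < self.locked_until.get(user, 0):
            return "locked"                 # rejected before the password is checked
        if password_ok:
            self.failures.pop(user, None)   # a successful login resets the counter
            return "ok"
        count = self.failures.get(user, 0) + 1
        if count >= self.max_attempts:
            self.locked_until[user] = now + self.lockout_minutes
            self.failures.pop(user, None)   # counter starts fresh once the lock expires
        else:
            self.failures[user] = count
        return "failed"


def guesses_tested(policy: LockoutPolicy, user: str, rate_per_min: int, minutes: int) -> int:
    """Count the wrong passwords that are actually checked when a client
    submits `rate_per_min` guesses every minute for `minutes` minutes."""
    tested = 0
    for minute in range(minutes):
        for _ in range(rate_per_min):
            if policy.attempt(user, False, now=minute) == "failed":
                tested += 1
    return tested


if __name__ == "__main__":
    day = 24 * 60  # constructed scenario: one day of guessing against one account
    for attempts, lock in [(10**9, 60), (5, 60), (3, 60), (3, 15)]:
        n = guesses_tested(LockoutPolicy(attempts, lock), "admin", 10, day)
        print(f"max_attempts={attempts:<10} lockout={lock:>2} min -> {n} guesses checked")
```

The model also shows the cost of the policy: while an account is locked, the correct password is rejected too, so a longer lockout time makes it easier for someone to keep a legitimate user out. That is where the email alerts mentioned above help.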