My Opinions to Prevent Brute Force Attacks on WordPress Login
Yep, I know there has been a great buzz about brute force attacks on WordPress logins globally. I have already written an article about how to access the WordPress login area while under a brute force attack, which gives you the chance to make changes by enabling some security plugins to prevent your blog from being hacked. In this article I'm going to show you the most common aspects that may cause your blog to be hacked in the future. So, let me share my own opinions on overcoming WordPress brute force attacks in the future.
Make sure that you have followed this article and applied it to your blog before reading the rest of this one: Top 12 Practices to Secure your WordPress site From Being Hacked. If you have already followed the article linked above, read on for a few more tips about preventing WordPress brute force attacks.
Here are My Opinions
1. Stealth Login Page
It's what I call a really great WordPress plugin, which lets you generate a secret login page URL. It will definitely prevent the brute force attacks. It protects the default WordPress login destinations of your blog (wp-login.php or wp-admin) from being accessed, without editing a couple of lines of code in the .htaccess file.
How Does it Work?
1. Install the Stealth Login Page plugin and activate it (How to install WP plugin).
2. Go to Settings > Stealth Login Page.
3. Set the Enable/Disable option and the redirect URL (just enter http://yourblog.com); this will redirect whoever tries to access the login page.
4. Set the question (one short word) and the answer (one short word); the plugin will combine both of these secret words into the login URL as a string. You will be given an option to e-mail the login URL string to the website admins so that they can access the login page.
After you update the plugin options on the same page, you will be given a custom login URL of the form http://yourdomain.com/wp-login.php?question=answer. Set both secret keys to something unique and hard so that others will not guess them. (I guess only use small, capitalized words and numbers in the secret keys.)
2. Hide Unnecessary Information on failed Login Attempts
WordPress displays detailed information about failed logins: sometimes that the username and password are incorrect, sometimes that the username is incorrect. Most of the time WordPress tells you whether the username or the password is wrong. This tells hackers exactly which usernames are active on your WordPress blog, and they can then use a password hacker to hack the passwords for those specific usernames. To fix this issue, edit your theme's functions.php file and place the following code in it to force failed logins to show one message covering both username and password:
// Replace every login error with one generic message.
function wrong_login() {
    return 'Wrong username or password.';
}
add_filter('login_errors', 'wrong_login');
3. Finally Set Daily Backups
It's the last and final thing you have to enable to enhance your WordPress blog's security. You must set up daily backups of your blog database using any free WordPress plugin. Let me tell you about top 10 WordPress database backup plugins.
If you have done all of the steps in this article, you can feel free to go on with your WordPress blog. 🙂 Happy blogging.