Secure Your WordPress Website from Brute Force Attacks

Protect your website against brute force attacks

Posted on February 21, 2014

Web security firms claim that over 30,000 websites are breached daily. I don’t know if that’s true; however, I do see a high malware infection-rate (20-25%) on older sites when companies ask for website upgrade quotes.  Employing a method to repel brute force attacks is one of many security layers that should be integrated into every website.  The following are few popular WordPress security plugins I’d like to provide some insight on…

 

‘Limit Login Attempts’

I was told that the popular website hosting company, WPEngine, enforces the use of this plugin. Really? I recommend that webmasters avoid this plugin for something else. Two reasons…

  • According to the WordPress.org CODEX, this plugin hasn’t been updated since June of 2012 (wow!); and,

‘Stealth Login Page’

A recommendation by designer Ozzy Rodriguez; however, be careful, it’s not for beginners. A webmaster can easily get locked out of their own website if one’s full attention isn’t used during setup. This plugin generates a secret login authorization code that needs to be entered. If not entered correctly, those attempting to log in will be redirected to another URL.

‘WP-Activity’

I find this to be a good plugin for monitoring login attempts. Install this plugin, and over the course of a few months, you’ll see- and be amazed at- how many times your website’s login page was attacked. Ever wonder why your website is slow? This plugin may show you why. It also has a blacklist feature which can block the IP of that persistently pesky hacker.

‘Login Security Solutions’

This plugin is good because it’s not reliant on the use of cookies, as other security plugins are. Instead, it uses the technique of layered time-outs after failed log-ins. It also automatically resets passwords after ‘X’ number of failed log-ins.

The one type of WordPress security plugin we’re all keeping our eye out for is a true 2-step verification plugin, in-line to what Google uses. There are a few that have been released, but none we can yet endorse. When such a plugin becomes available, we’ll give our recommendation.

 

Written by Peter La Fond

Having lived most of his life in Northern California, Peter consults for organizations of all sizes on Internet marketing engagement, strategy and execution. He regularly speaks on website design techniques and WordPress. Peter is a graduate from California State University, Sacramento, and practices the ancient art of eating sushi with nose-hair-curling wasabi.

About My Internet Scout

Based in Wilmington, North Carolina, My Internet Scout, LLC is an Internet Marketing firm for small- and medium- size businesses. We specialize in WordPress website design, marketing and related services that include e-commerce, event registration, maintenance, content creation and search engine optimization (SEO). We service a variety of clients across the United States.

Related Posts

2 Comments

  1. Jonathan

    This is a good topic that I was recently contemplating. I will have to try some of your suggestions. Thanks for the info.

  2. Ozzy Rodriguez

    I think Limit Login Attempts is a good plugin. Just because it hasn’t been updated in a while doesn’t mean it’s been abandoned, it just hasn’t needed any updates.

    I do think it’s a nice plugin to have in your back pocket and use it in addition to other plugins. I run both Limit Login Attempts and Stealth Login Page, along with http://wordpress.org/plugins/force-strong-passwords/ which forces my clients to have strong passwords. I haven’t had any issues yet.

Pin It on Pinterest