Protecting Your WordPress Site from Brute Force AttacksHackers are not just hacking top websites anymore. Using Brute force attacks, they are looking for every vulnerability on all websites, no matter how big or small. What are you doing to protect your WordPress website from Hackers… or even are you?

Website hackers are hacking websites in increasing numbers and for a number of reasons, but one of the big reasons to hack a website is for the money. Injecting your website with malicious code, creating redirects to where-ever they wish.

Take our Poll!

  • Cybercrime cost the global economy more than $400 billion, and it’s increasingly hurting smaller operations.
  • Targeted attacks against small businesses nearly doubled in 2013

Below is one email you DO NOT want to receive from your hosting provider:

Your web hosting account for yourdomain.com has been deactivated, as of 03/24/2015. (reason: terms of service violation – malware/virus)
This deactivation was due to a Terms of Service violation associated with your account. At sign-up, all users state that they have read through, understand, and agree to our terms. These terms are legal and binding.
Although your web site has been suspended, your data may still be available for up to 15 days from the date of deactivation; if you do not contact us during that 15 day period, your account and all of its files, databases, and emails may be deleted.

..and it can happen to you. Don’t make me have to say “I told you so”, at the very least, take a few preventive steps to help protect your WordPress site from hackers.

Other that doing the obvious like not using Admin as your username, there are a few other things you can do that take just a few minutes to do.

First, keep your plugins and WordPress version up to date. Old, outdated plugins are a popular way to hack into your site and your hosting account. Once in, if you have several different websites on that server, they got ’em all.

Brute force (also known as brute forcecracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies.

Another common way that hackers attempt to hack your site is using Brute force. A simple hackers program that will attempt to log into your site using random usernames and passwords.

2 Free Plugins to Help Protect Your WordPress Site from Brute force Hackers.

Plugin 1) If you want to see if your site is being attacked using Brute force, install the “Limit Login Attempts” plugin. You may be surprised at how many bots are trying to hack into your site.

Limit Login Attempts Results

What this plugin will do is limit the login attempts. When login attempts go over the limit you set, it will block the IP for a time period that you set. Pretty efficient.


Plugin 2) BruteProtect logs every failed attempt community-wide. When an IP has too many failed attempts in a specific period of time, BruteProtect logs and blocks that IP across the entire BruteProtect network (your site included). The more users of BruteProtect, the safer we all are from traditional brute force attacks, and distributed brute force attacks that use many different servers and IP addresses.

BruteProtect is a cloud-powered Brute Force attack prevention plugin and the best protection against botnet attacks.


A third option, possibly the best option though it does cost less than $100 a year, would be to add Sitelock, a Website Malware Scanning & Automatic Malware Removal that you can add to your web-hosting server. This will find and fix threats before they become problems.

A small price to pay in comparison to fixing a hack.


Whatever you do, don’t do nothing and think you are not susceptible to attack… because in 2015 and beyond a site that is not protected, is a target.

Pin It on Pinterest

Shares