Channel: Blog Smart Guide » User Alert

[Workout] – How To Secure Your WordPress Blog From Brute Force Attacks?

WordPress is the most popular platform for blogging. Several hundred templates are available, and they let you change the look and feel very easily without touching the actual source code. WordPress is also very easy to install and configure, which is one of the main reasons the number of users installing it is increasing day by day.

Because many of them configure only the basic settings, a huge number of vulnerabilities are left wide open for hackers. The recent incident in which about 90,000 IP addresses [WordPress with the default 'admin' account] were subjected to brute-force attacks has raised concerns about security. There are several ways of protecting WordPress blogs/websites, and here we explain a free WordPress security plugin that can protect you from such brute-force attacks.

What is a Brute Force Attack?

It is the simplest way of trying to gain access to a user account: working through the common possibilities. In this case, many users leave the default login ID as "admin" when installing WordPress. So, for this user ID, all the possible password combinations were tried in order to find the correct login details.

By default, WordPress allows unlimited login attempts, which leaves it prone to brute-force attacks.

How To Secure Your WordPress Blog From Brute Force Attacks?

Limit Login Attempts is a free WordPress plugin that helps protect your blog from brute-force attacks. After a certain number of failed login attempts [say, a wrongly entered password 3 times], it blocks the IP address of the hacker/user and locks it out for a certain amount of time. This makes it possible to stop the brute-force approach.

This plugin also blocks attempts to log in using auth cookies.
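
A small model of the lockout behaviour described above, added here as an illustration; it is not the plugin's code. The thresholds, the class and function names are assumptions, and the login events are constructed.

```python
MAX_RETRIES = 3            # assumed; the article's "say, 3 times"
LOCKOUT_SECONDS = 20 * 60  # assumed lockout duration
RESET_SECONDS = 12 * 3600  # assumed: older failures are forgotten


class LoginLimiter:
    """Per-IP failed-login counter with a timed lockout."""

    def __init__(self):
        self.failures = {}      # ip -> timestamps of recent failures
        self.locked_until = {}  # ip -> time at which the lockout ends
        self.lockout_log = []   # (ip, time) for each lockout triggered

    def is_locked(self, ip, now):
        return self.locked_until.get(ip, 0) > now

    def attempt(self, ip, password_ok, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(ip, now):
            return "locked"  # rejected before the password is even checked
        if password_ok:
            self.failures.pop(ip, None)
            return "ok"
        recent = [t for t in self.failures.get(ip, []) if now - t < RESET_SECONDS]
        recent.append(now)
        self.failures[ip] = recent
        if len(recent) >= MAX_RETRIES:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            self.lockout_log.append((ip, now))
            del self.failures[ip]
        return "failed"


def replay(events):
    """Run (time, ip, password_ok) events through a fresh limiter."""
    limiter = LoginLimiter()
    return limiter, [limiter.attempt(ip, ok, t) for t, ip, ok in events]


# Constructed sample events (documentation IP ranges): one address failing
# every 2 seconds, and one legitimate user who mistypes once.
EVENTS = [(t, "203.0.113.7", False) for t in range(0, 20, 2)]
EVENTS += [(5, "198.51.100.20", False), (30, "198.51.100.20", True)]
EVENTS += [(60, "203.0.113.7", True),                      # still locked out
           (LOCKOUT_SECONDS + 10, "203.0.113.7", False)]  # lockout expired
EVENTS.sort(key=lambda e: e[0])

if __name__ == "__main__":
    for event, result in zip(EVENTS, replay(EVENTS)[1]):
        print(event, result)
```

The user who mistypes once stays below the threshold and logs in normally, while the address that keeps failing is refused until the lockout expires, even when it finally submits the right password.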

Installation and Settings for Limit Login Attempts Plugin

Step 1 : Install the plugin from Dashboard > Plugins > Add New > Search For “Limit Login Attempts” > Install Now

Limit Login Attempts_1

Step 2 : Dashboard > Settings > Limit Login Attempts

Limit Login Attempts_2

The above screenshot provides information about all the possible settings.

  • The Statistics field shows the number of lockouts that have happened since the last reset.
  • The Option field is self-explanatory.
  • The Lockout log lists the IP addresses that were locked out for invalid password entries.

Note: Even though there are no recent updates for this plugin, I have tried it on the latest WordPress version 3.5.2 and it is working exactly as mentioned.

For more security, create a new user with admin rights and transfer all the existing files/articles to the new user. After a successful transfer, delete the admin user account.

Hope this article has helped you protect your WordPress blogs using a simple, free WordPress plugin. Share or retweet this article to help your friends/users know about this security plugin.
