It is often seen that most of the WordPress sites   are hacked or damaged by   brute force attacks. Unlike the traditional hacking, brute force attack is a new phenomenon wherein hackers regularly   use random username and password to get access to your website. This hit-and-trial method works most of the times because majority of the site owners don’t have strong login credentials. In most cases, the site owners use the default username ‘Admin’ with any easy password combination like website name, phone number or something which is very easy to guess.


By default, WordPress don’t have any login attempt limitation. It allows unlimited login attempts either through the login page or by sending special cookies. So hackers can attempt as many times as they want to login to your website and don’t get halted after a single failed attempt. They can take an overwhelming toll on your server memory causing performance issues. That is why WordPress is not considered as one of the reliable CMS of PHPs.


Following are the ways to prevent your website from brute force attacks:


1)      Always avoid using the default username ‘Admin‘ while installing WordPress. In case, you already have username ‘Admin’, create a new user with Administrator rights. Log out from website admin and log back into WordPress with a new Administrator, and delete the default user ‘admin‘.


2)      While creating your password, always use a strong password combination consisting of upper and lower case characters, numbers and special symbols. Unfortunately, quite often we see the site owners with very weak passwords like abc123, 123456 or something related to their domain.


3)      Protect your site using plugins.  There are 3 plugins that I highly recommend – use the one (or two) that meet your needs:


  • Limit Login Attempts – This plugin limits the number of login attempts possible both through normal login as well as using auth cookies. For more details, click here.


  • Google Authenticator – This plugin gives you two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry. The two-factor authentication requirement can be enabled on a per-user basis. To know more, click here


  • WordFence – This plugin checks if your site is already infected. It does a deep server-side scan of your source code comparing it with the Official WordPress repository for core, themes and plugins. It secures your site and makes it up to 50 times faster.  For further info, click here


4)      Always keep your WordPress site updated with the latest version of WordPress and plugins. Most of the times we don’t run WordPress update as there is a possibility of losing the custom coding done in WordPress files. To avoid losing your customization, always put your custom code in a separate file so that even after the WordPress is updated, you won’t lose your custom code.


5)      Always download WordPress Plugin and themes from trusted and reliable sources.



Posted By-

Mohit Saxena


Disclaimer: Developer’s Corner Section of ISHIR blog is contributed and maintained by independent developers. The content herein is not necessarily validated by ISHIR.


  1. Alex says:

    Thanks for sharing such kind of nice information with us about virus attack. If you have any issues regarding the internet and browsing security than Kaspersky Antivirus is the best safeguard to protect the data from harmful attacks.

  2. Narain says:

    This is a topic that’s close to my heart… Cheers! Where are your contact details though?

  3. Philippe Lee says:

    You have made some decent points there. I checked on the web for more information about the issue and found most individuals will go along with your views on this website.

  4. Noman S says:

    Hi, this is very great blog, thank for sharing this info with the universe

  5. Hanford says:

    Hi, this is very wonderful web, thank for sharing this info with us

  6. Dwaney says:

    I’ll just sum it up what I wrote and say, I’m thoroughly enjoying your blog. I as well am an aspiring blog writer but I’m still new to the whole thing. Do you have any recommendations for novice blog writers? I’d really appreciate it.

  7. Johnathan says:

    I have been exploring for a little bit for any high-quality articles or weblog posts on this sort of house. Exploring in Yahoo I ultimately stumbled upon this web site. Studying this info So I’m glad to exhibit that I have a very excellent uncanny feeling I came upon exactly what I needed. I so much without a doubt will make sure to do not put out of your mind this web site and provides it a glance regularly.

Leave a Reply

Your email address will not be published. Required fields are marked *