GM haxxors! Currently at about 120 failed login attempts today and counting. Over the last few months, here at Non-Fungi, we’ve seen an increase of spam to our email accounts and also now getting numerous brute force and failed login attempts accross several of our WordPress sites. The attackers use different IP addresses simultaneuously target a username with multiple login attempts.
WP Brute Force Prevention Plugins: ✅ Limit Login Attempts Reloaded ✅ WPS Hide Login
For real, we’ve been beavering up on the best methods to prevent it, such as hiding the wordpress login and a limit login attempts plugin, and of course keeping the SSL certificate up to date. We’ve seen a few good videos on Youtube covering WordPress login security and will continue to do the due diligence to keep our site and content safe.
Yay to The Limit Login Attempts Reloaded! is a nice plugin with useful features and is very capable free version. It lets you limit the amount of failed logins before the IP is locked out for a period of time, which is also customizable. Also can send an email when a certain amount of lockouts have occurred. You can also blacklist or whitelist different IP addresses and has some upgradeable paid features such as a cloud app login and more features and support.
So, WPS Hide login is more of a useful plugin against your random hacker or surfer trying to login and to maybe hide from bots. This plugin lets you change the URL of the WP login page from the standard WordPress location. I will mention it’s evident that the more advanced haxxors seem to even be able to attempt to login, even when you delete the login php page from the server lol, I’ve tried that.
So, hope this helps if it gets picked up in search engines or other WordPress bloggers that IMO these are a couple of the best plugins that I have currently found to help slow down, and hopefully prevent unwanted visitor or bots logging in to your site.
There are some Youtubers that have covered this, so a couple we’ve checked out is Tony Teaches Tech, he has a couple of videos on Brute Force attacks and how to prevent them. Also WP Learning Lab, we’ve linked or embedded them below:
- Brute Force AttacksSo, like, it looks like the brute force login attempts are picking up again on this site. I just added google analytics back and have deactivated a bunch of plugins […]
- Display NFTs in WordPress RevisitedNFTs Displayed in WordPress Updated 10/24/22 Back last April when the iframe worked for embedding an OpenSea collection page (which now is blocked), we embedded NFTs from there or other […]
- React Three Fiber MetaverseBarely Coding Hashlips Metaverse We’ve been hacking on a couple of React Three Fiber tutorials where the website is fully interactive 3D environment. Really digging what we’ve seen so far. […]
- Old Ethereum NFTs Linagee Name RegistrarAn old domain register contract from 2015 was rediscovered and is currently having a comeback with hundreds of thousands of domain name NFTs minted in the past couple of days. […]
- NFT Rarity Ranking with MoralisNFT Rarity Ranking We’ve been hacking a bit at a NFT rarity app and have a local project going. NFT Rarity is a fascinating subject, that could be applied I’m […]
- Web3 Lens ProtocolLens Protocol Decentralized Social Media Web3 community graph open source protocol Lens Protocol is in early stages but already has a lot of dapps, tools, video, social media and NFT […]