GM haxxors! Currently at about 120 failed login attempts today and counting. Over the last few months, here at Non-Fungi, we’ve seen an increase of spam to our email accounts and also now getting numerous brute force and failed login attempts accross several of our WordPress sites. The attackers use different IP addresses simultaneuously target a username with multiple login attempts.
WP Brute Force Prevention Plugins: ✅ Limit Login Attempts Reloaded ✅ WPS Hide Login
For real, we’ve been beavering up on the best methods to prevent it, such as hiding the wordpress login and a limit login attempts plugin, and of course keeping the SSL certificate up to date. We’ve seen a few good videos on Youtube covering WordPress login security and will continue to do the due diligence to keep our site and content safe.
Yay to The Limit Login Attempts Reloaded! is a nice plugin with useful features and is very capable free version. It lets you limit the amount of failed logins before the IP is locked out for a period of time, which is also customizable. Also can send an email when a certain amount of lockouts have occurred. You can also blacklist or whitelist different IP addresses and has some upgradeable paid features such as a cloud app login and more features and support.
So, WPS Hide login is more of a useful plugin against your random hacker or surfer trying to login and to maybe hide from bots. This plugin lets you change the URL of the WP login page from the standard WordPress location. I will mention it’s evident that the more advanced haxxors seem to even be able to attempt to login, even when you delete the login php page from the server lol, I’ve tried that.
So, hope this helps if it gets picked up in search engines or other WordPress bloggers that IMO these are a couple of the best plugins that I have currently found to help slow down, and hopefully prevent unwanted visitor or bots logging in to your site.