How to protect your WordPress from brute force attacks? (Last part)


We come to the last part of this varied journey full of tips and recommendations to keep your website super safe!

Secure your site with plugins

You should always have a plugin on hand that monitors the security of your entire blog. Depending on which one you choose, you will have more or less protection, but the basics should include protection against malware, file repair, spam filters, a blacklist, a firewall, etc. Some of the most recommended free options are the following. With all that in mind, you should also be running an overall WordPress security plugin.

Apart from those on the list, one of the plugins most often recommended on blogs is Brute Force Login Protection, which, as its name says, protects you from brute force attacks. This plugin limits the number of login attempts allowed and modifies the .htaccess file in the root directory of your website. For the latter, make sure the file is writable and not just readable; otherwise the plugin will display the message: error: .htaccess file not writeable.

In the Options section you will see the configuration that you can adjust to your needs. Let’s see:

Allowed login attempts before blocking IP

This option sets how many failed login attempts are allowed before the IP is blocked.

Minutes before resetting login attempts count

Here you can adjust how long the user or the IP should wait before being able to access the login page again.

Delay in seconds when a login attempt has failed

Here it is advisable to set the maximum value, 10 seconds, which is the amount of time that must pass between failed attempts.

Inform user about remaining login attempts on login page

Uncheck this box (as a recommendation) so that a hacker gets no clues that your page has a protection plugin.

Send email to administrator when an IP has been blocked

The plugin will inform you about the IPs that are blocked. Check this box.

Message to show to blocked users

You can customize the message shown to the user when their IP is blocked. If you do not set one, a default message is shown.
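How the three numeric options above interact, as an added example: a simplified model written for this explanation, not the plugin's own code. The class and field names are hypothetical, the events are constructed, and it assumes the counter resets once the configured minutes pass without a failure and that the failure reaching the limit triggers the block.

```python
from dataclasses import dataclass, field

@dataclass
class LoginLimiter:
    # Hypothetical field names; each mirrors one option from the settings page.
    allowed_attempts: int = 5   # "Allowed login attempts before blocking IP"
    reset_minutes: int = 60     # "Minutes before resetting login attempts count"
    delay_seconds: int = 10     # "Delay in seconds when a login attempt has failed"
    fails: dict = field(default_factory=dict)   # ip -> (count, time of last failure)
    blocked: set = field(default_factory=set)

    def failed_login(self, ip: str, now: int) -> str:
        """Record one failed login at time `now` (seconds) and return the outcome."""
        if ip in self.blocked:
            return "already-blocked"
        count, last = self.fails.get(ip, (0, now))
        # Assumption: the counter resets once reset_minutes pass without a failure.
        if now - last >= self.reset_minutes * 60:
            count = 0
        count += 1
        self.fails[ip] = (count, now)
        # Assumption: the failure that reaches the limit triggers the block.
        if count >= self.allowed_attempts:
            self.blocked.add(ip)
            return "blocked"
        return f"delay {self.delay_seconds}s"

# Constructed sample events: (seconds since start, client IP from a documentation range).
EVENTS = [
    (0, "203.0.113.7"), (0, "198.51.100.20"),
    (15, "203.0.113.7"), (30, "203.0.113.7"), (45, "203.0.113.7"),
    (700, "198.51.100.20"), (1400, "198.51.100.20"),
]

def replay(events, limiter):
    """Feed the failures through the limiter in time order; return each outcome."""
    return [limiter.failed_login(ip, t) for t, ip in sorted(events)]

if __name__ == "__main__":
    for minutes in (10, 60):
        lim = LoginLimiter(allowed_attempts=3, reset_minutes=minutes)
        print(minutes, replay(EVENTS, lim), sorted(lim.blocked))
```

With a 10-minute reset, the visitor who mistypes a password roughly every 12 minutes is never blocked, while the same three failures add up to a block when the reset is 60 minutes.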

Delete the plugins and themes that you do not use

Just as we mentioned that you must keep your plugins updated and get them from reliable sources, it is no less important to delete unused plugins and themes, as they are an opportunity for hackers to get in.

Leave only the default WordPress theme installed as a security measure: if your theme fails, the site will fall back to the default.

Eyes wide open!

Since there is no shortage of creativity out there, always be extra careful when you use the internet. Do not share your passwords, be careful with your data, do not skimp on security measures or on legal and reliable tools, and always keep your eyes open!

What did you think of these tips? Do you have any additional ones? Tell us!


Jefferson Maldonado
UX WordPress Designer
UX & Web Designer. Portfolio: Divi Blogger, WordPress Expert, UX Designer, Business Consultant.
