Limit Login Attempts is excellent at stopping brute force attacks by locking out the IP after a specified number of failed login attempts. Many hackers will now just use another IP address but if you set it to 3 tries before lockout, it will help a lot.
Wordfence Security update today:
“As of 11am eastern time this morning we are monitoring the largest distributed brute force attack on WordPress installations that we’ve seen to date. The real-time attack map on http://www.wordfence.com became so busy that we’ve had to throttle the amount of traffic we show down to 4% of actual traffic.”
Plugin Author
AITpro
(@aitpro)
Yes, we have been noticing an increase in Brute Force activity on the internet for a week or so. See “Other Things to protect publicly displayed usernames” below for some additional things you can do.
No big deal and business as usual for us. BPS Login Security has been easily protecting against and blocking 300,000+ Brute Force attacks per month on ours sites since last April – 10 months – without breaking a sweat and without causing any unnecessary website/Server resource drain.
Limit Login Attempts is not bad, but BPS Login Security is of course better. We looked at what all the other Login Security plugins were doing before we created BPS Login Security. BPS Login Security takes the best concepts and methods, has/uses new concepts and methods and leaves all the other useless things behind. Efficient, powerful and simple. Sounded like a commercial there for a second. LOL 😉
Other Things to protect publicly displayed usernames
Here are some other things you can do to protect against hackerbots and spambots.
http://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/
http://forum.ait-pro.com/forums/topic/user-account-locked/
http://forum.ait-pro.com/forums/topic/revealing-the-admin-or-editor-user-name-and-not-knowing/
http://forum.ait-pro.com/forums/topic/wordpress-author-enumeration-bot-probe-protection-author-id-user-id/
Thanks @loafintree for sharing the info, at least I don’t feel alone in this aspect.
BPS, you always shine like a superhero, keep it up!
Plugin Author
AITpro
(@aitpro)
Yep, Brute Force Attacks are a regular thing on the Internet and there are surges of increased attacks from time to time.
As you can see from this Sucuri post last year, Brute Force attacks are an ongoing thing these days on the Internet.
Important note: Brute Force attacks are not only launched against WordPress and are launched against any site types that have a database login: WordPress, Joomla, etc…
http://blog.sucuri.net/2013/04/mass-wordpress-brute-force-attacks-myth-or-reality.html
