Protect WordPress from Botnet Brute Force attack

Popular blogging platform WordPress is facing a huge brute force attack and cracking Administrator credentials.  According to,

The unknown people behind the highly distributed attack are using more than 90,000 IP addresses to brute-force crack administrative credentials of vulnerable WordPress systems, researchers from at least three Web hosting services reported.

This attack is largely targeted on WordPress blogs with default username as “admin” and with a weak password. Here are some of the ways, you can protect your blog from this attack…

  • Change default username “admin” – Besides using strong password, you can have a different(and weird) username with Uppercase and numbers while displaying your real name.
  • Using “Limit login attempts” plugin – Though botnet can use a wide range of IPs(of 90,000 IPs), it is difficult to co-ordinate many IPs and attack.
  • Whitelist the IP of the administrator/author through htaccess.
  • Using CloudFlare Free plan – It blocks many spam and malicious users, though some Real user will be blocked if CloudFlare network identifies them as a threat.
  • Hackers normally create a fall back method when attacking – such as watching your FTP data transfer. While you are adding security through FTP, you might give FTP login details to the hackers. So be careful. Use FTPS

Besides these(and some points left intentionally), I highly recommend you to read –

Do comment below if you have any suggestion or know popular or new security plugin.

Also read...

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.