Brute Force Attacks and Solutions

Video Transcript

In this class, we’re going to cover a few different ways to deal with what’s called brute force attacks.

Now, in case you didn’t know, a brute force attack is when someone, or more likely an automated bot, tries over and over again to get your admin login, username and password. So one way to deal with this is to use a plugin like the one I mentioned in a previous class (I may actually have mentioned it in a couple of different classes), called Loginizer by Softaculous. I’ve already logged into my admin area here, and under Plugins, Installed Plugins, this is the one I’m talking about right here. It lets you set a limited number of login attempts before it locks out the would-be hacker.

Remember, though, that this can sometimes affect a real human who is trying to log in but simply forgot their login details and just keeps on trying. I say this because one of the settings in the Loginizer plugin is the message you can display when that number of failed login attempts is reached. So I suggest being nice in that message, instead of something like “Ha, you nasty hacker, go away!” More often than not, someone will only try a few times before they give up and contact you or support for help. So the Loginizer plugin is a quick solution. Now, another option is to completely restrict access to the login page based on IP address. For more help on this, let’s head on over to this article here at wordpress.org/support/article/brute-force-attacks (don’t forget the dashes and the S at the end of “attacks”).

Now here they list several different options available to you, and even describe in more detail what brute force attacks are. I do want to point out, though, that there are some things in here, like this particular plugin they’re talking about, that might be a little dated; it hasn’t been updated for a few years. So just be aware of that whenever you’re going through this stuff. But it’s great information to know in helping you determine what your best option is based on your particular situation, because which option you choose may depend greatly on the type of WordPress site that you have. For example, a membership site that requires different people from different parts of the world to log in means that restricting your login page based on IP address is not doable, because the IP address is like a mailing address: it lets you know kind of, sort of what part of the world that particular person is in, kinda. But anyway, with a membership site, restricting access to the login page based on IP address is not a good way to go.

And using a powerful security plugin that does many different things, including limiting login attempts, might be great, but it could also put a big strain on your server’s resources when all you really need is a lightweight plugin that only does login limits. Still, it is another option to consider.

So consider all these options. You might even want to contact your hosting service for help on deciding which is best, based not just on the type of WordPress site that you have but also on the server that your site is hosted on. That’s something your hosting service should be able to help you out with. At least now you are aware of this potential problem.

And you’ve got several options to choose from to solve that problem. Oh, and one last item I want to tell you about before I close out this class, and that’s this nice little article on the difference between brute force, denial of service (that’s DoS) and DDoS, which is basically denial of service on steroids. None of these are great, but the solutions for preventing them are different. So this is a pretty good article to better inform you not just of the problem, but of potential solutions to those problems. Well, that’s going to bring us to the end of this class on a look at, and solutions for, brute force attacks. Thanks for checking it out, and have a great day.
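The two controls discussed in the class, a failed-login lockout with a polite message and an optional IP allowlist for the login page, can both be done with core WordPress hooks and no plugin at all. The must-use plugin below is an added example written for this page; it is not code from the class, from Loginizer or from the wordpress.org article. The `pll_` names, the attempt limit, the lockout length and the empty allowlist are all assumed settings, and it assumes the site is not behind a reverse proxy (otherwise `REMOTE_ADDR` is the proxy, not the visitor).

```php
<?php
/**
 * Plugin Name: Polite Login Limiter (added example, not from the class)
 * Place this file in wp-content/mu-plugins/ and WordPress loads it automatically.
 *
 * 1. After PLL_MAX_ATTEMPTS failed logins from one IP, refuse further
 *    attempts for PLL_LOCKOUT_SECS and show a friendly message.
 * 2. If PLL_ALLOWED_IPS is non-empty, only those IPs may reach wp-login.php.
 *    Leave it empty on a membership site with users all over the world.
 */

// Assumed settings for this example; adjust to your site.
const PLL_MAX_ATTEMPTS = 5;
const PLL_LOCKOUT_SECS = 15 * MINUTE_IN_SECONDS;   // MINUTE_IN_SECONDS is defined by WordPress
const PLL_ALLOWED_IPS  = array();                  // e.g. array( '203.0.113.10' ); empty = no restriction

// REMOTE_ADDR is the only address the web server itself vouches for.
// Do not read X-Forwarded-For unless a proxy you control sets it.
function pll_client_ip() {
    return isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '0.0.0.0';
}

// One transient per IP holds the running failure count; its TTL is the lockout window.
function pll_transient_key( $ip ) {
    return 'pll_fail_' . md5( $ip );
}

// 1a. Count every failed login from this IP (fires for wp-login.php and XML-RPC).
add_action( 'wp_login_failed', function ( $username ) {
    $key   = pll_transient_key( pll_client_ip() );
    $count = (int) get_transient( $key );
    set_transient( $key, $count + 1, PLL_LOCKOUT_SECS );
} );

// 1b. A successful login clears the counter for that IP.
add_action( 'wp_login', function ( $user_login, $user ) {
    delete_transient( pll_transient_key( pll_client_ip() ) );
}, 10, 2 );

// 1c. Once the limit is reached, refuse even a correct password until the window expires.
// Priority 30 runs after core's username/password check (priority 20), so the WP_Error wins.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    $count = (int) get_transient( pll_transient_key( pll_client_ip() ) );
    if ( $count >= PLL_MAX_ATTEMPTS ) {
        // The "be nice" message from the class: a locked-out human is often a real user.
        return new WP_Error(
            'pll_locked_out',
            sprintf(
                'Too many login attempts. Please wait %d minutes and try again, or contact support if you need help with your login details.',
                PLL_LOCKOUT_SECS / MINUTE_IN_SECONDS
            )
        );
    }
    return $user;
}, 30, 3 );

// 2. Optional IP allowlist for the login page itself.
add_action( 'login_init', function () {
    if ( empty( PLL_ALLOWED_IPS ) ) {
        return;
    }
    if ( ! in_array( pll_client_ip(), PLL_ALLOWED_IPS, true ) ) {
        wp_die( 'Login is not available from this location.', 'Access restricted', array( 'response' => 403 ) );
    }
} );
```

Two practical notes. Transients can live in the object cache rather than the database, so on a site with a persistent cache this adds almost no load, which is the “lightweight” trade-off the class describes. And because the lockout is keyed by IP, a bot rotating through many addresses will not trip it; that is the distributed case the linked DoS/DDoS article covers, and it needs a different answer than a login limit.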