Limit Login Attempts to Stop WordPress Hacker Attacks


Most WordPress hacker attacks start with the really simple premise that you have a weak admin password.  So, the easy and prudent thing to do is have a tough password.  Okay, I’m done.  We can go have a cup of coffee and relax.

Before you order that triple grande half-caf, de-caf, soy milk, extra hot monstrosity – you might want to take an extra step toward password secure nirvana.  You also need to limit the number of login attempts that can be made.

Most hackers won’t be sitting back with a Red Bull while manually trying different passwords.  They are going to use a program that runs a script to attempt a huge list of passwords until one works.  This might take a while, and may or may not work, but it will slam your server performance and will encourage them to try more times.

I’ve seen attacks like this last for over 2 hours.  It sucks.  So, I have another plugin that I highly recommend:  ‘Limit Login Attempts’ by Johan Eenfeldt.  Add this to your WordPress blog and set it to allow 4 attempts.  If it goes past 4, set it to block attempts from that IP address for 99 hours.

So then, some hacker launches a password attack and your WordPress blog kicks him to the curb.  His program will not see your server any longer and it will no longer bang on your login screen.

How well does it work?  Before I put ‘Limit Login Attempts’ on my server, hackers in Bangalore would launch attacks that would use 95% of my server’s CPU resources for 2 hours.  If they did not get in, they would relaunch the next day.  With the program in place, the hit would last less than a minute and would not even get to 50% of my resources.  Once the ban was in place, no further attempts would happen from that IP address.  But, a few days later, they would launch another attack from a different IP address.  But, once again, the attack was thwarted in seconds and they were banned again.
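
To make the 4-attempts, 99-hour policy concrete, here is an added Python example (not part of the original post and not the plugin's own code) that replays a constructed attack against a per-IP lockout counter. The class and function names are hypothetical and the IP addresses are documentation-range placeholders.

```python
# Added illustration of a per-IP login lockout; not the plugin's code.
from dataclasses import dataclass, field

MAX_ATTEMPTS = 4              # failed attempts allowed per IP (from the post)
LOCKOUT_SECONDS = 99 * 3600   # ban length of 99 hours (from the post)

@dataclass
class LoginLimiter:           # hypothetical name
    max_attempts: int = MAX_ATTEMPTS
    lockout_seconds: int = LOCKOUT_SECONDS
    failures: dict = field(default_factory=dict)      # ip -> failed count
    locked_until: dict = field(default_factory=dict)  # ip -> time the ban ends

    def is_locked(self, ip, now):
        until = self.locked_until.get(ip)
        if until is not None and now >= until:
            del self.locked_until[ip]   # ban expired, start from zero again
            return False
        return until is not None

    def attempt(self, ip, password_ok, now):
        """Return 'rejected', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(ip, now):
            return "rejected"           # the password is never even checked
        if password_ok:
            self.failures.pop(ip, None)
            return "ok"
        count = self.failures.get(ip, 0) + 1
        if count >= self.max_attempts:
            self.failures.pop(ip, None)
            self.locked_until[ip] = now + self.lockout_seconds
        else:
            self.failures[ip] = count
        return "failed"

def replay(limiter, events):
    """Replay (time, ip, password_ok) events and tally outcomes per IP."""
    tally = {}
    for now, ip, ok in events:
        outcome = limiter.attempt(ip, ok, now)
        tally.setdefault(ip, {"ok": 0, "failed": 0, "rejected": 0})[outcome] += 1
    return tally

def sample_attack():
    """Constructed data: 1000 wrong guesses, then a new IP three days later."""
    first = [(t, "203.0.113.5", False) for t in range(1000)]
    second = [(259200 + t, "198.51.100.7", False) for t in range(1000)]
    return first + second
```

Out of 1000 guesses per address only 4 ever reach the password check, which is why the load drops so sharply. The counter is per IP, though, so every new address gets 4 fresh guesses, and a locked-out address is refused even with the right password until the ban expires.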

This fix will take a few minutes to do and will save you tons of time.  Now go have that ridiculous coffee. You deserve it.

Do you have any ideas to block WordPress hacker attacks?  Feel free to discuss them here.