Brute force attack

Protect WordPress Site From Brute Force Attack

here could be many attacks which can bring your site down, but the most common attack on a WordPress website is the Brute Force Attack. In this post, we will discuss quick tips to Protect WordPress Site from Brute Force Attack.

What is Brute Force Attack?

A Brute Force Attack is an attempt to break down your login credentials by trying various numerous combinations of characters, numbers and symbols. By this attack, a hacker can easily get into your website Admin Panel and perform unethical tasks.

It’s not like that WordPress itself don’t provide any security for our sites but to stay updated and secure from our end is necessary. WordPress is a safe place and with each single day, it is getting stronger and secure. Check out these wordpress brute force attack prevention tips.

How to Protect WordPress Site From Brute Force Attack?

WordPress is such an amazing platform where you can find every solution very easily and in less time. Here are some simple steps to prevent your site from attack

1. Change And Hide Login URL

The BEST way to protect WordPress website from Brute Force attack is to change and hide the default login URL of your website. A default login URL looks like this

To do this you can use WPS Hide Login Plugin. When you rename your wp-admin URL to something unique name, that will be impossible to guess for anyone. Once you make sure that the admin page is not accessible by directly hitting the URL, the chances of brute force attack lower down.

2. Don’t Use Default Username Of WordPress

This is a very common mistake of not changing the default User Name of your website login page. By default the User Name Given for login is Admin.
Change the default User Name to something unique name which is difficult to guess. It is recommended to keep your User Name Long and Unique.

Thousands of people keep the default username given by the WordPress. And the result is drastically bad. Hacker can easily figure out the username and then after the password.

3. Create A Strong Password

Remember one thing a long password is not always a strong password. Create a strong password which contains the uppercase character, lower case character, special symbols and numbers. By using all these in your password, will make it difficult to guess and time-consuming task to crack it by a Brute Force Attack.

One more important thing is to keep your password at least 12 characters long to make it strong. Here are some examples of strong password-
If you are still using a basic simple password for your website, change it now to a stronger one. You can also use the suggested passwords of WordPress as they are randomly generated and difficult to guess passwords.

The auto generated passwords are more safer because as they are newly generated password, the attacker will not have them in their list of passwords. And secondly they are random collection of characters, numbers and symbols. In such condition, predicting such password is time eating and difficult.

4. Integrate Cloudflare Service

Cloudflare is a free service which detects and prevents the possibilities of such attack and prevent your website from attack. Use this feature to give your website additional security.

5. Enable 2 Step Verification

WordPress offers this feature by which you can provide extra security to your WordPress website. Use this guide to Enable 2 step verification.

In 2 step verification, just after you hit the password, WordPress ask you to enter a secret number. The secret number can be fetched from a phone application called Google Authenticator App.

The Google Authenticator app generates random number in every 30 seconds, so it becomes impossible to guess the secret code.


Last but the most important is to REGULARLY BACKUP website’s data to keep it safe and you don’t have to worry about your data. Regularly backup the database and the wp-content folder of your website to ensure security in case of data loss.