Brute Force Password Cracking is a well-known password cracking/hijacking technique that is to used to get pass-through login forms etc by trying a huge number of possibilities in very less time. Back in the 2000’s the technique was widely used by brute forcers all over the world to easily hack into Yahoo/Microsoft email accounts but it was taken care of later on.
Unfortunately, Wordpress does not take care of this security loophole and anyone can access your Wordpress login form at www.MyWordpressBlog.com/wp-admin/
Once compromised and authenticated, using brute forcing techniques, a hacker can easily access all your posts, comments and blog data and then God knows what he might do to it. So for enhanced security it is recommended for every Wordpress user to use Login LockDown Wordpress Plugin.
This plugin records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range.
By default, the plugin will ban an IP from accessing the login form for 1 hour if it fails to authenticate itself more than 3 times within 5 minutes. However these settings can be changed easily.
Installing the plugin is easy as upload, unzip and activate. Additionally take a look at the 3 tips to protect your Wordpress installation by Matt Cutts.
Really, very useful. Downloading and installing right now…
Hi there,
Thanz for the tip! I run my blog on WP and this is just one of those plugins I need!
Cheers!
Thanks for the information about this plugin.
I guess this plugin is a must for all blogs once it gets popular…you never know what will happen!
For those who want to take their security even further, try Firewall Script. It’s a firewall written in PHP that can run alongside any other php/mysql site, like Wordpress. You can download it here.