This article aims to help you defend your website against a very common security threat: brute force attacks. These attacks work by guessing your username and password many times until a guess is finally right. Attacks of this kind are obviously not carried out by individuals by hand; they are performed by bots. These bots can try out various combinations in a matter of minutes, so within hours they can work through many possible combinations. The following four things are necessary for a brute force attack to be successful:

1) Knowledge of your username
2) Knowledge of your password
3) Availability of your login page
4) Possibility of trying hundreds of different username and password combinations

Taking care of at least one of the four above-mentioned things can make your website way more secure. However, taking care of all four can definitely make your website very safe and resistant against a brute force attack.

Following are some of the tips to protect WordPress websites against brute force attacks:

A secure login page
Brute force attacks can be compared to the infinite monkey theorem. According to this theorem, if a monkey hits the keyboard randomly enough times, the complete works of Shakespeare can be produced. Brute force attacks work on the same principle. However, bots are far more sophisticated than monkeys, and it is far easier to guess two words than an entire work of Shakespeare. So, enough tries can definitely lead to a successful hack. Obviously, some usernames and passwords are likely to be cracked sooner than others. Complex ones are more difficult, so the following two tips can help greatly:

  • Admin as a username is a complete no-no: A long combination of special symbols, lowercase and uppercase letters, and numbers can be used to make a strong password.
  • Try moving your login page: Having a direct login page like is a login page that can be easily guessed by bots. Obviously, brute force attacks need your login page, so you can start by moving the wp-login page to a more secure URL using a free URL plugin.
  • Set limits on login attempts: If you only allow two or three attempts at your username and password, it will be very difficult for bots to crack them. There are at least 2.8 trillion combinations just with all the letters and numbers. If you use upper and lowercase characters, that adds more to the total options, leaving only a minuscule possibility of a successful brute force attack when login restrictions are in place. You can download free plugins for login lockdown on your website and limit the number of attempts.
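
The login-attempt limit described in the last tip can also be implemented with WordPress's own hooks. The following is an added example, not code from this article or from any particular plugin; the `nll_` names, the thresholds, the error code and the file location are assumptions chosen for illustration.

```php
<?php
/**
 * Added example: lock out a client IP after repeated failed logins.
 * Assumption: saved as wp-content/mu-plugins/limit-logins.php.
 */
const NLL_MAX_FAILS = 3;   // failed attempts allowed before lockout (illustrative)
const NLL_LOCK_SECS = 900; // counting window and lockout length in seconds (illustrative)

function nll_key() {
    // REMOTE_ADDR is the direct peer. Behind a reverse proxy it is the
    // proxy's address, so the real client IP must come from trusted config.
    $ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
    return 'nll_' . md5( $ip );
}

// Count every failed login for this IP. Each failure restarts the timer,
// so a bot that keeps hammering the form stays locked out.
add_action( 'wp_login_failed', function () {
    $fails = (int) get_transient( nll_key() );
    set_transient( nll_key(), $fails + 1, NLL_LOCK_SECS );
} );

// Runs after core's password check (priority 20), so a locked-out IP is
// refused even when the submitted password happens to be correct.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( (int) get_transient( nll_key() ) >= NLL_MAX_FAILS ) {
        // 'too_many_attempts' is a made-up error code for this example.
        return new WP_Error(
            'too_many_attempts',
            'Too many failed login attempts. Please try again later.'
        );
    }
    return $user;
}, 30, 3 );

// A successful login clears the counter for this IP.
add_action( 'wp_login', function () {
    delete_transient( nll_key() );
} );
```

Transients can be evicted early when a persistent object cache is in use, so the counter is best-effort rather than a hard guarantee.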

Some final words
Brute force attacks can be a grave threat to people who use WordPress. But following the above-mentioned simple steps can help you fight against most of these brute force attacks. All tips mentioned in the article are free to implement and it won’t take you more than just a few minutes. Feel free to share other tips for protecting websites against brute force attacks in the comments.

