How to block bruteforce attack in wordpress - Slap The Wizard

Kamis, 06 November 2014

How to block bruteforce attack in wordpress

you can not access your wordpress? got confused because every time you log into the admin dashboard always out notification PHP Fatal error: Out of memory, then check to cpanel and it turns red CPU Usage or already in use 100% and memory usage is also consumed 100%.
Then you immediately contact the hosting support via chat, after you ask why your memory usage is over load in use when normally only used a little of the total memory. From hosting parties did check the website and after waiting a while then they tell you that your wordpress web has been under brute-force attack. experiencing many such events that you experienced, here I will give some tips to secure your wordpress from bruteforce attacks.

How to resolve WordPress Brute Force

Brute-force attack is an attack technique against a computer security system that uses an experiment on all possible keywords. This approach was originally refers to a computer program that relies on computer processing power than human intelligence.

In wordpress there are two ways to prevent a brute force attack, the first is to use the .htaccess file and the second is using a plugin anti bruteforce.

Block Brute Force Attack from .htaccess file.

The first way, please login to your cpanel then click file manager and check show hidden files ( dotfiles ).

Next right click and click edit the .htaccess file, then enter the following settings:

RewriteEngine on
RewriteCond% {REQUEST_URI} ^ / wp-login \ .php (. *) $ [OR]
RewriteCond% {REQUEST_URI} ^ / wp-admin $
RewriteCond% {REMOTE_ADDR}! ^ - \ .- \ .- \. $
RewriteRule ^ (. *) $. [R = 403, L]

On RewriteCond% {REMOTE_ADDR}! ^ - \ .- \ .- \. $ Enter the IP address from which you are logged into the admin dashboard, to determine the your ip adress please check in HERE. Then save it.

--But the disadvantage of this method is the length of time to be able to access your blog back, in need of time is approximately 4 s / d 5 hours--

The easiest way is using anti bruteforce plugin.

There are so many plugins that can be used to deter brute force attacks one that I now use is a botnet attack blocker. This plugin works by blocking the IP address that failed to enter the number of attempts to wp-admin. This plugin can also block certain IP can not get into wp-admin.

Please setting as desired to block brute force attacks. Hopefully this article can prevent wordpress based blog from hackers. Thankyou.