How to block bruteforce attack in wordpress - Slap The Wizard

Kamis, 06 November 2014

How to block bruteforce attack in wordpress

***
you can not access your wordpress? got confused because every time you log into the admin dashboard always out notification PHP Fatal error: Out of memory, then check to cpanel and it turns red CPU Usage or already in use 100% and memory usage is also consumed 100%.
Then you immediately contact the hosting support via chat, after you ask why your memory usage is over load in use when normally only used a little of the total memory. From hosting parties did check the website and after waiting a while then they tell you that your wordpress web has been under brute-force attack. experiencing many such events that you experienced, here I will give some tips to secure your wordpress from bruteforce attacks.

How to resolve WordPress Brute Force

Brute-force attack is an attack technique against a computer security system that uses an experiment on all possible keywords. This approach was originally refers to a computer program that relies on computer processing power than human intelligence.

In wordpress there are two ways to prevent a brute force attack, the first is to use the .htaccess file and the second is using a plugin anti bruteforce.

Block Brute Force Attack from .htaccess file.

The first way, please login to your cpanel then click file manager and check show hidden files ( dotfiles ).

Next right click and click edit the .htaccess file, then enter the following settings:

RewriteEngine on
RewriteCond% {REQUEST_URI} ^ / wp-login \ .php (. *) $ [OR]
RewriteCond% {REQUEST_URI} ^ / wp-admin $
RewriteCond% {REMOTE_ADDR}! ^ - \ .- \ .- \. $
RewriteRule ^ (. *) $. [R = 403, L]

On RewriteCond% {REMOTE_ADDR}! ^ - \ .- \ .- \. $ Enter the IP address from which you are logged into the admin dashboard, to determine the your ip adress please check in HERE. Then save it.

--But the disadvantage of this method is the length of time to be able to access your blog back, in need of time is approximately 4 s / d 5 hours--

The easiest way is using anti bruteforce plugin.

There are so many plugins that can be used to deter brute force attacks one that I now use is a botnet attack blocker. This plugin works by blocking the IP address that failed to enter the number of attempts to wp-admin. This plugin can also block certain IP can not get into wp-admin.


Please setting as desired to block brute force attacks. Hopefully this article can prevent wordpress based blog from hackers. Thankyou.
***
Comments


EmoticonEmoticon