19 replies
Hello All - looks like I have about 30-40 different IPs trying to log in to my site; think this is what's called a brute force attack. I have good PW and UN but is there a plugin or some way to limit login attempts? I have added manually to IP deny manager, but that is not a good solution. Maybe a laser beam or deny entire countries? Any thoughts or advice? Thanks in advance. jw
#security
  • Corey Geer
    I know there's plugins that'll deny specific and particular IP addresses but as far as different IP goes.

    WP is pretty secure and I've only ever had one issue before. That was when I uploaded a plugin I shouldn't have and they put in some nasty code in the PHP. I had to have a Senior Security Whatever his title was at Hostgator go through it and remove it.

    WordPress › Better WP Security « WordPress Plugins
    WordPress › BulletProof Security « WordPress Plugins

    Both of the above plugins have pretty solid ratings and seem to protect against a lot of the new and modern attacks (even SQL injection). I'm surprised people still use Bruteforce... I remember that back when I was using Winmx to download songs and rock out to my 90s music over dial up.
    • adamjcd
      Originally Posted by Corey Geer

      I know there's plugins that'll deny specific and particular IP addresses but as far as different IP goes.

      WP is pretty secure and I've only ever had one issue before. That was when I uploaded a plugin I shouldn't have and they put in some nasty code in the PHP. I had to have a Senior Security Whatever his title was at Hostgator go through it and remove it.

      WordPress › Better WP Security « WordPress Plugins
      WordPress › BulletProof Security « WordPress Plugins

      Both of the above plugins have pretty solid ratings and seem to protect against a lot of the new and modern attacks (even SQL injection). I'm surprised people still use Bruteforce... I remember that back when I was using Winmx to download songs and rock out to my 90s music over dial up.
      +1 for Better WP Security - Love this plugin, it's got a lot of other good features too.

      You can automatically block bad neighbourhood IP addresses, user agents and any IP you like along with setting login lock down type thing (lots of other stuff too).
  • trevord92
    I use the Limit Login Attempts plugin - just search for it in the add new plugins option.

    It works in the background and you can switch off the email notifications that tell you what it's blocked if you're squeamish about that kind of thing.
    • sbucciarel
      Originally Posted by trevord92

      I use the Limit Login Attempts plugin - just search for it in the add new plugins option.

      It works in the background and you can switch off the email notifications that tell you what it's blocked if you're squeamish about that kind of thing.

      I use this one too. It's great. Unbelievable to see how many people are trying to break in.
    • Edman15
      Originally Posted by trevord92

      I use the Limit Login Attempts plugin - just search for it in the add new plugins option.

      It works in the background and you can switch off the email notifications that tell you what it's blocked if you're squeamish about that kind of thing.
      This one is really cool. I am using it in almost all of my WP sites.
      • KylePeters
        Hey Guys,

        I currently use the "Limit Login Attempts" Plugin -- so I have a question?! Can I use both "Limit Login Attempts" Plugin & "Login LockDown"?? For the reason being that both together will act as DOUBLE Security.... Also they both have totally different functionality. Plus, if one breaks down... or they bypass one of them.

        So, I'm assuming they shouldn't conflict with each other, but I'm just wondering if anyone here has already tested these together?

        In Many Thanks,
        Kyle
  • cooler1
    Login Lockdown hasn't been updated for over 2 years. WordFence Security is newer and does the same amongst other things. WordPress › Wordfence Security « WordPress Plugins
  • poleposition
    Make a .htaccess file for your wpadmin directory and put the code below in it:

    Code:
    Order Allow,Deny
    Allow from xxx.xxx.xxx.xxx
    Replace the x's with your IP address. You can create ranges too if you have a dynamic IP. That will restrict access to Wordpress admin for everyone but you.
  • johnweyer
    Thanks Everyone - good information. That Wordfence Security looks like a good answer. Ratings seem above average for plugins. I'm going to give it a try. Thanks again.
  • Dino Aiello
    I also use Limit Login Attempts as well as WP Security Scan. WP Security Scan checks your install for vulnerabilities and gives solutions for any issues it finds.
  • salegurus
    You can't go wrong with any of them already mentioned.
  • chasnsx
    While you are working on security, get the Bad Behavior plugin and install it, and do some homework about writing a hackproof .htaccess file too.
  • KylePeters
    Hey Guys, I just thought of something else in regards to the Login LockDown code....

    ...Since I am putting this code in my HTAccess for all my sites with my IP Address ==>
    Then won't this be bad if Google automatically sees the same IP Address...when we put this code on all the domains within our server? And especially if we have 15 - 20 domains?

    #Secure Access to WP-LOGIN.PHP by IP
    <Files wp-login.php>
    Order Deny,Allow
    Deny from all
    # (My IP Address)
    Allow from ##.##.###.###
    </Files>
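The two IP allowlists posted in this thread (for the admin directory and for wp-login.php) use the Apache 2.2 directives Order/Allow/Deny, which Apache 2.4 supports only through the optional mod_access_compat module; the native 2.4 directive is Require. The following is an added example, not code from any poster in the thread, showing both .htaccess files written to work on either version. 203.0.113.10 is a placeholder documentation address standing in for your own IP, and the admin-ajax.php exception is an assumption for sites whose front end calls that script.

```apache
# ---- File 1: .htaccess in the WordPress root (constructed example) ----
# Restrict only the login script; the rest of the site stays public.
<Files "wp-login.php">
    <IfModule mod_authz_core.c>
        # Apache 2.4+ (needs AllowOverride AuthConfig)
        Require ip 203.0.113.10
        # A dynamic IP can be covered with a CIDR range instead, e.g.:
        # Require ip 203.0.113.0/24
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2 fallback (needs AllowOverride Limit)
        Order Deny,Allow
        Deny from all
        Allow from 203.0.113.10
    </IfModule>
</Files>

# ---- File 2: .htaccess inside the wp-admin directory (constructed example) ----
<IfModule mod_authz_core.c>
    Require ip 203.0.113.10
    # admin-ajax.php is requested by ordinary visitors' browsers on many
    # sites, so it is exempted from the allowlist.
    <Files "admin-ajax.php">
        Require all granted
    </Files>
</IfModule>
<IfModule !mod_authz_core.c>
    Order Deny,Allow
    Deny from all
    Allow from 203.0.113.10
    <Files "admin-ajax.php">
        Order Allow,Deny
        Allow from all
    </Files>
</IfModule>
```

If the site sits behind a CDN or reverse proxy, Apache matches the proxy's address rather than the visitor's unless mod_remoteip is configured, so the allowlist has to be tested from an address that should be refused as well as from the allowed one.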
