Wordpress wp-login.php Brute Force Attaks

Please check back here for updates.

Moderators: Design Team, Web World Tech Support

Wordpress wp-login.php Brute Force Attaks

Postby daveg » Thu Apr 11, 2013 2:18 pm


Over the past few weeks we noticed a big increase in Wordpress bruteforse attacks. We recommend that all Wordpress users take the following steps to lock down their site.

1) Rename /wp-login.php to something else. Hackers will use bots to attack this address.

2) Change your username from "admin" to something more secure.

3) Update your user privileges. Not every user has to be an administrator.

4) Make sure your password secure with numbers, symbols and letters.

5) Restrict access to the /wp-admin/ folder and file by IP or password protect this folder. (Contact us to do this)

6) Use a plugin to restrict login attempts. These are freely available from the Wordpress site
Dave Geoghegan
User avatar
Rank: Supreme Member
Posts: 210
Joined: Wed Jun 07, 2006 5:33 pm
Website: http://www.webworld.ie
Location: Dublin, Ireland

Re: Wordpress wp-login.php Brute Force Attaks

Postby venkisu13 » Mon Oct 01, 2018 12:03 pm

Rank: Just Started
Posts: 8
Joined: Mon Oct 01, 2018 11:54 am

Re: Wordpress wp-login.php Brute Force Attaks

Postby JessicaMonica » Wed May 15, 2019 7:24 pm

Normally login page renaming and managing admin rights is enough against brute force attacks.
Rank: Newbie
Posts: 3
Joined: Wed Apr 24, 2019 8:12 pm

Return to ā€œ%sā€ Network, Security & Software Updates

Who is online

Users browsing this forum: No registered users