Limiting brute force attacks in WordPress

It is quite common for hackers to run random scans of websites looking for common security vulnerabilities. Even if they fail to find any, the resulting high traffic can have significant negative effects on our servers. This is especially true when common CMS systems like WordPress are used, as they consume high amounts of CPU to process the traffic even when it is not legitimate.

To avoid some of these effects we have some systems in place to block obvious attempts, but hackers have ways to get around these, such as using many random IPs. It is much more effective if the protection is built into the website.

Below are some suggestions for improving your website security and reducing the CPU load during hacking attempts.

  1. Hide common attack vectors. Many hacks involve brute force attacks on common admin login forms, e.g. /wp-login.php in WordPress. We recommend moving these URLs to uncommon file names so drive-by hackers have to work much harder to find an attack vector. In WordPress, this can be done using a simple plugin, e.g. WPS Hide Login.
  2. Install a plugin like WordFence for WordPress to track and actively block hacker attacks, as well as keep you informed about new updates to WordPress and any plugins you may have.
  3. Consider placing the admin part of your website behind server-level authentication. Most servers use .htaccess and .htpasswd to add an additional level of security. Server-side authentication is a lot less resource hungry than one built into a website and will add considerable protection from hackers.
  4. Remember to limit your file permissions. Never have full site-wide write access enabled, as this can allow a hacker to write to any part of your webspace and cause much more damage.
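
To illustrate suggestion 4, here is an added example (not part of the original article or of any plugin it names): a shell script that lists the paths in a web root that any user can write to, then removes that write bit. The function names and the sample tree are constructed for illustration; point the functions at your own web root.

```shell
#!/bin/sh
# Added example: find and tighten world-writable paths in a web root.
# Function names and the sample tree are constructed for illustration.

# Print every file or directory under $1 that any local user can write to
# (the "other" write bit, as in modes 777 and 666). find does not follow
# symlinks by default, so link targets outside the web root are not touched.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Count flagged entries; one dot per match, so odd filenames cannot skew it.
count_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec printf . \; | wc -c | tr -d ' '
}

# Drop only the "other" write bit; owner and group permissions are kept.
fix_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Build a constructed sample tree that mimics a WordPress install.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/wp-content/uploads"
    : > "$root/wp-login.php"
    : > "$root/wp-config.php"
    chmod 755 "$root" "$root/wp-content"
    chmod 644 "$root/wp-login.php"
    chmod 666 "$root/wp-config.php"       # writable by everyone: flagged
    chmod 777 "$root/wp-content/uploads"  # writable by everyone: flagged
    printf '%s\n' "$root"
}

# Audit the sample tree, tighten it, and audit again.
demo() {
    tree=$(make_sample_tree) || return 1
    echo "before: $(count_world_writable "$tree") world-writable path(s)"
    list_world_writable "$tree"
    fix_world_writable "$tree"
    echo "after:  $(count_world_writable "$tree") world-writable path(s)"
    rm -rf "$tree"
}

demo
```

Run `list_world_writable` on its own first and review the output before calling `fix_world_writable`, since some plugins expect to write to specific directories through the web server's own user or group.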

I hope some of these suggestions help you improve your website's security and avoid service interruption due to hackers.
