If someone attempts to attack your blog by brute force, a good password and an unusual admin id both provide a lot of protection. But if you can then lock out the brute force attempts themselves, you are really creating an impregnable fortress.

Basically, if someone is attacking your blog by trying loads of password combinations, and you can detect their presence and stop their logon attempts, then they will not succeed in logging in. For this reason I have installed Login Lockdown, an excellent little plugin for WordPress blogs.

What it does is quite simple. It records failed login attempts, and if there are a certain number of failed login attempts from the same computer within a set amount of time, it prevents that computer from making any more attempts for a while. For example, the default is that 3 failed login attempts in 5 minutes lock the computer out for an hour.

It is not totally foolproof, since the attacker can change IP address, but they have to do that every three login attempts! They could try a login every 2.5 minutes, but that only allows 24 attempts per hour, less than 530 per day. At that rate it would take weeks, even years, to guess your password.
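As an added illustration (this is not the Login Lockdown plugin's own code), here is the counting-and-lockout logic described above written out in Python with the post's default thresholds. The class and function names are mine, and the current time is passed in as seconds so that the behaviour can be traced step by step; the demo also shows the limitation mentioned above, namely that a second IP address starts with a fresh counter.

```python
from collections import defaultdict, deque

# Sliding-window lockout keyed on the client IP address (hypothetical
# implementation; defaults mirror the post: 3 failures in 5 minutes -> 1 hour).
class LoginLockout:
    def __init__(self, max_failures=3, window=300, lockout=3600):
        self.max_failures = max_failures    # failures tolerated inside the window
        self.window = window                # seconds over which failures are counted
        self.lockout = lockout              # seconds a client stays locked out
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.locked_until = {}              # ip -> time the lockout expires

    def is_locked(self, ip, now):
        """True while the client's lockout is still in force."""
        until = self.locked_until.get(ip)
        if until is None:
            return False
        if now >= until:
            del self.locked_until[ip]       # lockout has expired, forget it
            return False
        return True

    def record_failure(self, ip, now):
        """Log a failed login; returns True if this failure triggers a lockout."""
        q = self.failures[ip]
        q.append(now)
        while q and now - q[0] > self.window:   # drop failures older than the window
            q.popleft()
        if len(q) >= self.max_failures:
            self.locked_until[ip] = now + self.lockout
            q.clear()
            return True
        return False

    def record_success(self, ip):
        self.failures.pop(ip, None)         # a good login resets the counter


def attempt_login(lock, ip, now, password_ok):
    """Returns 'locked', 'ok', 'failed' or 'locked_out' for one login attempt."""
    if lock.is_locked(ip, now):             # checked before the password is even looked at
        return "locked"
    if password_ok:
        lock.record_success(ip)
        return "ok"
    if lock.record_failure(ip, now):
        return "locked_out"                 # this failure was the one that tripped the limit
    return "failed"


if __name__ == "__main__":
    lock = LoginLockout()
    for t in (0, 60, 120, 130):             # constructed sample: four tries from one address
        print(t, attempt_login(lock, "198.51.100.7", t, password_ok=False))
    print(125, attempt_login(lock, "203.0.113.9", 125, password_ok=False))  # new IP, fresh count
```

Note that during the lockout even the correct password is rejected, which is exactly what stops the attacker but also what can lock out a legitimate user who shares the address.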

And that is how protection against brute force attacks works – just make it so hard that the attack takes so long that the attacker ends up going elsewhere. Simple, but secure.

The only addition I would make to this would be a notification of failed login attempts. I’m currently looking for a suitable plugin for this. The worry is that in the case of an attack, such a plugin could flood an email inbox. So I’m looking carefully!

Want to know how to do these or other security considerations? Come back again, or follow the blog security tag.
