One way hackers will try to hack into a target website is by running a program that tries thousands of different passwords. A complicated password should defeat them, but you can make certain of this by detecting them at the source and locking them out. And on WordPress it is very easy to do.
By Keith Lunt, ©

Hackers wanting to get up to some mischief on a blog might just use a brute force attack to try to get access to it. A complicated password means that they have to try for longer and longer to gain access, but how long will that keep you safe for? Changing the user name to something that they cannot guess straight off is also excellent protection, but such a prolonged brute force attack could use a lot of bandwidth and ultimately slow down your blog as readers are trying to access it.

Slowing Down A Brute Force Attempt Is The Secret To Stopping It
You need to put them off by blocking them out. If they see that they are going to get locked out after every 3 or 4 attempts and not be allowed to try any more for an hour or more, then they know that just to try 100 passwords is going to take over 2 days. Therefore, to try the number of password / user id combinations needed to break your security is going to take years and hopefully they will move on.

Sadly, Not All Plugins Deliver On The Promise
There are several plugins that do exactly this, however in testing some of them on my own blogs I have discovered that not all do the job properly! They might lock out the login form, but you can still submit a userid / password indirectly and successfully log on.

The Plugin That I Use On My Blogs
The plugin that I was not able to defeat was Limit Login Attempts and I like it as it has a lot of good options. You can set how many attempts there are before a lockout and then how long the lockout is for. Then, if there are more lockouts within a longer time period you can lock the attacker out for much longer.

And with each failure, the person trying to log on is told that there are only a few attempts left, so they know what they are dealing with and hopefully will leave you alone.

What If You Log Yourself Out?
Yes, get your password wrong and you could log yourself out. And it is no good trying a different user id – the plugin monitors the IP Address of the attempt and will block any further login attempts from that IP address. So if you get it wrong, either because Caps Lock is on or because you are testing it, then you are locked out.

Assuming that you can’t change your IP address, you can still get back on. You just need access to your databases and then remove the record that shows that you are locked out!

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

If you want to keep up with our latest posts, just follow us on our RSS feed, join our weekly newsletter or follow us over at Twitter. Please do join in - it is totally free and only the best posts are passed to you!

Also, leave a comment below. We are a 'DoFollow' blog, so it is well worth your time. Thanks for calling in.

Similar Articles You Might Like To Read:
    Limit Login Attempts – better than Login Lockdown! After a little bit of research, I have removed Login Lockdown and instead installed Limit Login Attempts. After trying them...
    Locking Down Your WordPress Admin Login If someone is going to attempt to attack your blog through brute force, a good password and an unusual admin...
    Protecting WordPress From Brute Force Hackers So, what can we do to protect out blogs from brute force attacks, where hackers just spend ages trying out...
    Keep Your Blog Safe From Hackers With a Strong Password Protecting your blog with a strong password is essential. How can you create a strong password and what else can...
    Blog Protection From Hackers If you are writing a blog then you have to be aware that you could be the target for hackers...
    A Good Looking Idea, Not Quite There The last time I wrote I was talking about signing up to and the account problems. Still no joy,...
    Protecting Your Admin I have talked already about important steps such as using a secure password and changing your admin user id, but...
    Securing WordPress – 7 Essential Security Steps For Every Blog Preventing hackers and other unwelcome people from accessing your blog is essential. But WordPress, if not correctly used, can be...
    Ways Hackers Can Attempt To Attack Your Blog If you are worried about the security of your blog (and if you own a blog, you should be), then...
    Simplifying A Security Upgrade If you started blogging with WordPress before v3.0, or you installed 3.0 and didn’t take the advice of creating a...