Brute Force Attack

  • Resolved Lesley Ward

    (@lesley-ward)


    10 years, 7 months ago

    I appear to be under attack by someone trying to hack my website. ??

    I’ve put in a really complicated password which WP thinks is strong but I’m wondering if there’s anything else I can do to stop these attacks?

    I saw somewhere that you can install a plug in to limit the number of incorrect login attempts but the link was very out of date.

    Does anyone have a more up to date plug in or any more suggestions?

    Thanks for your help.

Viewing 7 replies - 16 through 22 (of 22 total)

  • Hi Matthew
    Thank you for your feedback and information – I really appreciate it.
    I checked the areas you mentioned:
    1. My login area is protected from brute force attacks (I did that when I first set up my website). I’m not sure how many times it takes for them to be locked out forever, but it would seem that the attacks have stopped (after 4 days…..). Fingers crossed.
    2. The admin user has been renamed (I also did that when I first set up my website).
    3. I didn’t want to turn the notifications off because I wanted to know when they were trying & when they stopped, plus because they had my username (which I can’t change) and they were being locked out, so was I so I couldn’t access my own website – argh…..
    So, thanks a bunch again for your help – hopefully because the password was so strong, they have given up and gone away!
    Kym

    Great! One other thing that you can do is change the login URL. You can do that in iThemes Security also.

    Hi again Matthew,

    Thank you for your extra tip.

    My hope that the hackers had given up and gone away was short lived as it started again this morning…..argh!

    I struggled to find where to change the login URL but I was given another tip which I have followed and hopefully it will prevent future hacking attempts.

    For anyone who has the same issue, maybe the following will help:-
    Change Username = you cannot change the existing username – however, there is a workaround!
    1. You need to create a new user with admin rights
    2. Log out of the old admin account
    3. Log into the new admin account
    4. Delete the original admin account

    That is another good security percussion.

    The place to change the admin login URL is under the “Hide Login Area” section in the settings page.

    Thank you Matthew for following up with the location of where to change the login URL – I will certainly keep this information for future reference.
    At this stage, it would appear that creating a new username with admin rights and then deleting my original username has done the trick – the attacks have stopped. Yippee!

    Great! Glad I could help you!

    Very helpful and very professional Matthew – thank you once again.

Viewing 7 replies - 16 through 22 (of 22 total)
  • The topic ‘Brute Force Attack’ is closed to new replies.