Nowadays brute-force attacks are becoming more and more common, causing unnecessary load on your websites, with the added risk of people with malicious intents possibly gaining access to your admin area. If you have never heard of the term “brute-force attack” before, it refers to a technique used to break passwords, by systematically checking all possible keys or passwords until the correct one is found.
Most such attacks against WordPress consist of trying “admin” as the username, along with easy-to-guess and popular passwords, such as “111111”, “123456”, “123asd”, and others, that are still prevalent among some WordPress websites.
Today’s plugin would help you protect your WordPress website from such attacks by doing the following:
-Restricts access to the “wp-login.php” file, commonly used by bots to directly check whether a username/password combination exists on the website
-Changes the default WordPress login page to /wp-admin/, and dynamically redirects to a new page
-Fixes a WordPress user enumeration exploit still found on some versions, which would stop attackers from finding valid usernames
-The plugin automatically switches the login page url, to which /wp-admin/ redirects, if a brute-force attempt has been detected
Sadly at the time of writing the plugin is not compatible yet compatible with WordPress Networks (multisite), however the developer has made it into a priority and a new version should be released soon.
In conclusion, if you are concerned about the security of your WordPress site we would suggest downloading “Project Force Field” – it’s as easy as logging into your admin area > Plugins > Add new.
Alternatively you could download it directly from WordPress.org, on the following URL: