Protect WordPress from Brute Forcers using Login LockDown
Brute-force password cracking is a well-known password cracking/hijacking technique that is used to get past login forms and similar prompts by trying a huge number of possibilities in a very short time. Back in the 2000s the technique was widely used by brute forcers all over the world to easily hack into Yahoo/Microsoft email accounts, but it was taken care of later on.
Unfortunately, WordPress does not take care of this security loophole, and anyone can access your WordPress login form at http://www.MyWordpressBlog.com/wp-admin/
Once a hacker has brute forced his way in and is authenticated, he can easily access all your posts, comments and blog data, and then God knows what he might do to it. So for enhanced security, every WordPress user is recommended to use the Login LockDown WordPress plugin.
This plugin records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range.
By default, the plugin will ban an IP from accessing the login form for 1 hour if it fails to authenticate itself more than 3 times within 5 minutes. However, these settings can be changed easily.
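The lockout rule described above can be sketched as a sliding-window counter keyed by IP range. This is an added example, not the plugin's own code; the class name, the /24 (IPv4) and /64 (IPv6) range sizes and the sample events are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque

class LoginLockout:
    """Sliding-window lockout keyed by IP range (illustrative only)."""

    def __init__(self, max_failures=3, window=300, lockout=3600):
        self.max_failures = max_failures    # failures tolerated inside the window
        self.window = window                # 5 minutes, in seconds
        self.lockout = lockout              # 1 hour, in seconds
        self.prefix = {4: 24, 6: 64}        # assumed size of an "IP range"
        self.failures = defaultdict(deque)  # range -> failure timestamps
        self.locked_until = {}              # range -> time the ban ends

    def _range(self, ip):
        addr = ipaddress.ip_address(ip)
        return ipaddress.ip_network(f"{addr}/{self.prefix[addr.version]}", strict=False)

    def is_locked(self, ip, now):
        # Default of `now` makes an unknown range compare as not locked.
        return now < self.locked_until.get(self._range(ip), now)

    def record_failure(self, ip, now):
        """Record a failed login; return True if the range is now locked out."""
        if self.is_locked(ip, now):
            return True
        key = self._range(ip)
        q = self.failures[key]
        q.append(now)
        while q and q[0] <= now - self.window:  # drop failures older than the window
            q.popleft()
        if len(q) > self.max_failures:          # "more than 3 times within 5 minutes"
            self.locked_until[key] = now + self.lockout
            q.clear()
            return True
        return False

# Constructed sample: (seconds, source IP) of failed logins, documentation addresses
EVENTS = [(0, "203.0.113.10"), (60, "203.0.113.11"), (120, "203.0.113.12"),
          (180, "203.0.113.13"), (200, "198.51.100.7")]

def replay(events):
    """Feed failed-login events through a fresh guard and report each decision."""
    guard = LoginLockout()
    return [(ip, guard.record_failure(ip, t)) for t, ip in events]
```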
Installing the plugin is as easy as upload, unzip and activate.