Brute force attacks are still an issue for many WordPress websites. There are several ways you can protect yourself from this kind of attack. Today, I am going to show you how to use a plugin called Loginizer.
This plugin will help prevent your site from succumbing to a brute force attack.
Solid custom brute force protection is hard to come by these days. This is especially true if you are looking to get that kind of protection for free. However, now you can with a smooth plugin called Loginizer.
The plugin is very lightweight, easy to install, and easy to set up. It works in the fight against brute force attacks by blocking logins for the IP after it reaches maximum retries allowed.
The plugin is automatically running once you activate it, so immediately, it goes to work based on default settings. However, you can also go to the configuration page and perform a setup more tailored to what you want for your website.
Loginizer gives you the ability to blacklist and whitelist IPs for login as well. So you have a good amount of control right away. There are also several other ways to control a brute force attack, all of which are presented to you within the plugin.
Once the user tries to log in unsuccessfully a certain amount of times (based on your settings) they are hit with an automatic WordPress lockout and won’t be able to access anything.
The Loginizer plugin comes packed with features. Some of the main ones include:
- Block and IP after maximum retries are hit
- Extended lockout option after maximum lockouts
- Sends email notification after maximum lockouts is hit
- Blacklist IP/IP Range
- Whitelist IP/IP Range
- You can check all logs of failed attempts in the backend
- Create and delete IP ranges
Loginizer gives you custom write force protection for free. Let’s take a look at how to install the plugin and then set it up.
Note: This plugin does have a pro version that will give you more functionality and other protection options. Feel free to check that out if you feel it is something you need. That being said, this tutorial is based on the free version, as it gives you everything you need to protect against brute force attacks.
Install and Activate Plugin
In order to start using Loginizer to help against brute force attacks, you first need to install and activate the plugin. You can do this by going to the Plugins page inside your WordPress admin dashboard.
Simply search for the plugin by name and install it right from there.
Once the plugin has been installed and activated, you want to access the main settings and configuration page. To do this, click on Loginizer Security > Brute Force.
You will see this option in the left side menu area of your dashboard once the plugin has been activated.
From here you can configure the plugin how you see fit according to your needs.
Note: The plugin starts running automatically as soon as it is installed. You can configure it from there.
Setup Custom Brute Force Protection
At this point, you should be on the main configuration page for the Loginizer plugin. It is a single-page layout, but has a few different options to go over. Let’s go over these together.
At the top portion of the page, you will see a box that shows you all the failed login attempts over the last 24 hours. Here you can see who is trying to log in and when they try. This is a valuable list to have because you can use it to blacklist or whitelist IPs.
Now scroll down some and give the “Brute Force Settings” configuration box a look. Here is where you will set all your entry limits and lockout times. This is the heart of your setup. Go ahead and fill out all the entries according to how you want them to take hold on your site.
Below that, you will find the configuration box for the blacklist IP settings. You can blacklist as many IPs as you want. So feel free to add any that you already have in a list.
The same goes for the whitelist IP box. You can whitelist as many as you want.
Finally, at the bottom of the page, you will see a configuration box for error messages. You can see that there are two default messages. However, you can make the messages say whatever you want.
Don’t forget to click on the “Save” buttons as you go through all your options. That’s it! You have set up custom brute force protection using Loginizer and you are all set.
You can adjust settings at any time.
Loginizer also provides you with a dashboard so that you can monitor everything that is happening. To access this dashboard, click on Loginizer Security > Dashboard.
You can see at the top of the dashboard is all the system information. Go ahead and check that out and make sure all is running correctly.
Below that, you can see all the file permissions.
What is a Brute Force Attack?
Simply put, a brute force attack is an attempt to crack a password or username, or find a hidden web page, or keys used to encrypt a message. It uses a trial and error approach method in hopes that it will eventually guess correctly.
This kind of attack is actually an old method, but it is still widely used and oftentimes successful. Depending on how complex a password is, cracking it can take anywhere from a few seconds, to years.
IBM created a report showing that some hackers will target the same system for months and even years at a time. Their data shows how dedicated and resourceful hackers are and how they will wait and wait while the brute force attacks continue to go to work on a website over time.
These kinds of attacks happen to WordPress sites often. That is why it is a good idea to have a tool in place that can help protect your site against them. The info above will give you a solid tool and good starting point in order to help protect your website from brute force attacks.
Brute force attacks have been a long-standing issue for website owners. Even though the method is fairly old, it is still very popular and widely used because of its effectiveness.
There are certain steps you want to take in order to secure and protect your website. One of the most important ones is having the ability to build custom brute force attack protection from the backend of your website.
The Loginizer plugin is a fantastic way to get this process started and will work to immediately secure your site. With all the functionality and ability the plugin gives, you should be able to build up a solid wall around your site and protect it.
Has your website ever been the victim of a brute force attack? Have you found that the Loginizer plugin has helped protect against this when used properly?
Author: Jeremy Holcombe
Growing up in Hawaii, Jeremy started his freelance writing career doing resumes, business plans, article writing, and everything in between. He now specializes in online marketing and content writing and is part of the Content Marketing Team at GreenGeeks.