The inelegance of repeatedly guessing a username/password and the ubiquity of WordPress websites mean this type of attack is incredibly common. The vulnerability being exploited is indifference to enforcing strong passwords or avoiding common administrator usernames like ‘admin’ or the name of the website.
Even if an attacker is unsuccessful at gaining access, the attack can still wreak havoc on website loading times. The nature of these attacks can cause your server memory usage to skyrocket, causing routine performance problems.
With our Brute Force Protection setting, you can specify the number of login tries to allow before a visitor to your website is locked out. When Stop Spammers locks the account, a user cannot log in to the site. The account can be locked for a specified duration or indefinitely. You can manually unlock an account by visiting the “Users” section of the WordPress admin area. You can also manually lock a user here.
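The lockout behaviour described above, modelled in Python. This is an added example, not Stop Spammers' own code; the class name `LoginGuard`, its parameters, the counting window and the default values are assumptions made for illustration.

```python
from typing import Callable, Dict, List, Optional

INDEFINITE = None  # lock_duration value meaning "until an administrator unlocks"

class LoginGuard:
    """Model of a per-account lockout; names and defaults are assumptions."""

    def __init__(self, max_attempts: int = 5, window: float = 300.0,
                 lock_duration: Optional[float] = 900.0):
        self.max_attempts = max_attempts    # failed tries allowed before lockout
        self.window = window                # seconds over which failures count
        self.lock_duration = lock_duration  # seconds, or INDEFINITE
        self.failures: Dict[str, List[float]] = {}
        self.locked: Dict[str, Optional[float]] = {}  # user -> unlock time

    def is_locked(self, user: str, now: float) -> bool:
        user = user.lower()
        if user not in self.locked:
            return False
        until = self.locked[user]
        if until is INDEFINITE or now < until:
            return True
        del self.locked[user]  # timed lock has expired
        return False

    def attempt(self, user: str, verify: Callable[[], bool], now: float) -> str:
        """Return 'ok', 'failed' or 'locked'. verify() checks the password."""
        user = user.lower()
        if self.is_locked(user, now):
            return "locked"  # rejected before any password check is done
        if verify():
            self.failures.pop(user, None)
            return "ok"
        recent = [t for t in self.failures.get(user, []) if now - t < self.window]
        recent.append(now)
        self.failures[user] = recent
        if len(recent) < self.max_attempts:
            return "failed"
        self.failures.pop(user, None)
        self.lock(user, now)
        return "locked"

    def lock(self, user: str, now: float) -> None:
        d = self.lock_duration
        self.locked[user.lower()] = INDEFINITE if d is INDEFINITE else now + d

    def unlock(self, user: str) -> None:  # the manual unlock an admin performs
        self.locked.pop(user.lower(), None)
        self.failures.pop(user.lower(), None)

if __name__ == "__main__":
    guard = LoginGuard(max_attempts=3, window=60, lock_duration=120)
    for t in range(5):  # constructed sequence: five wrong guesses, one per second
        print(t, guard.attempt("admin", lambda: False, now=t))
```

Because a locked account is rejected before `verify()` runs, requests made during the lockout never reach the password check, which is where the performance benefit comes from.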
Why Enable Brute Force Protection
In addition to requiring strong passwords and avoiding certain easy-to-guess admin usernames, our Brute Force feature will help to:
- Limit the number of attempts an attacker can make over a certain time period, drastically reducing the opportunities for a potential breach and takeover of your site
- Shield website performance by reducing the number of HTTP requests on the login page through the lockout functionality
You can add even more protection by enabling our Themed Login in Stop Spammers Premium, which can also help limit vulnerabilities by disallowing username login.
Find the Brute Force Protection Option
The setting is in Stop Spammers Premium version 2021 and above and can be found by navigating to Stop Spammers > Premium Features in the WordPress admin menu.