Lessons

Lesson 2 – How to Activate Brute Force Protection

In the previous lesson, you learned how to customize the common WordPress paths.

Now it’s time to learn how to protect the custom wp-login path from Brute Force attacks if you make it public for subscribers.

Note! You need to be aware that you don’t need to have just one login path. If your theme has a login path for subscribers, you can activate the theme’s security for that URL and have your own secret login path in Hide My WP Ghost.

Good, now that you have set a login path in Hide My WP Ghost, it’s time to activate the Brute Force attack protection for it.

Step 1. Activate Brute Force Protection

Go to “Hide My WP Ghost> Brute Force” and switch on the feature. You will notice that the options “Math Captcha” and “Google reCaptcha” appear. In the free version, you can onlyselect the Math Captcha, so let’s select it.

Step 2. Set the Math Captcha

Enter the number of failed attempts a user can have before the block message appears. The math fail attempts are not counted by the math captcha.

On every fail, the user will see the remaining number of fail attempts before the lockout occurs. If the user reaches the maximum number of fails you have set, they will not be able to access the login page for 3600 seconds (1 hour), or the number of seconds you have set in the “Ban duration” field.

You can also set the Lockout Message” to show a custom lockout message on the login page.

Step 3. Whitelist and Blacklist

This step is important when you have a static IP address and you want to prevent your IP from being banned in case you forget the password. You can also set a range of IPs you what to whitelist (192.168.0.* or 192.168.*.*) – to cover a subclass of IPs.

Also, it’s important to be able to ban an IP address or a range of IPs known to be harmful or spammers. You can add a range (e.g. 192.168.0.* or 192.168.*.*) to cover a subclass of IPs.

Step 4. Google reCaptcha

If you have purchased the Hide My WP Ghost version of Hide My WordPress Plugin, you can select Google reCaptcha to protect the login process.

To setup Google reCaptcha, you need to follow the link https://www.google.com/recaptcha/admin#list and create a V2 reCaptcha. Add a unique Label, select the V2 Checkbox, and add your domain to the Domains list.

Once you register the new reCaptcha domain you will be redirected to a new page where you have access to the Site Key and the Secret Key.

Copy and paste the Site and Secret keys into Hide My WP Ghost and click “Save settings”. Now you can click on the reCaptcha test button to make sure it’s working properly and you will not be locked out from your website.

Conclusion

If you followed all the above steps, you are protected from Brute Force attacks on your login page.

Note! To increase the security, make sure you avoid setting the username to “admin” and passwords such as “123456”, which are the first credentials a hacker bot tries – it will not need a second chance to get into your website’s admin area.

Feel free to contact us with feedback and suggestions here

In the next lesson you will learn how to protect your WordPress common paths and to be sure your website is hidden from theme detectors.

Published by
John Darrel

Recent Posts

Use WP-Rocket with Hide My WP Ghost

Even if WP-Rocket doesn't have a free version of the cache plugin, we tell you…

4 weeks ago

Setup a User to Configure Hide My WP

Temporary install this plugin https://wordpress.org/plugins/user-role-editor/ Go to User > All Users, click on Capabilities from the user…

4 months ago

Setup Hide My WP on Flywheel Server

As Flywheel stands apart from most other managed WordPress hosting companies by offering a number…

9 months ago

Use Autoptimize with Hide My WP Ghost

First, let’s see why Autoptimize is a great plugin and why you should use it…

10 months ago

Setup Hide My WP on Amazon AWS Lightsail

Apache version on AWS Lightsail WordPress Step1: Install, Setup Hide My WP Ghost Plugin and…

10 months ago

Protect My WordPress Website

This is the question we asked ourselves as a software company many years ago when…

10 months ago