Brute Force Attack Protection

What is a Brute Force Attack?

A brute force attack is an activity which involves repetitive, successive attempts using various password combinations to break into a website.

Hackers try various combinations of usernames and passwords, again and again, until they get in. For their attacks, hackers use bots or automated tools.


Which Websites Are Targeted By Hackers?

Brute force attacks are common against popular CMS platforms (e.g. WordPress, Joomla, etc.) and against common services, such as FTP and SSH.  Statistics show that WordPress has been the most affected CMS in recent years.

Most brute force attacks work by targeting a website, typically the login page and xmlrpc file.

Usually, every common ID (e.g. “admin”) has a password. All hackers need to do is to guess the password based on words in a dictionary.


Activate Brute Force Protection

To activate Brute Force option, switch on Hide My WP > Brute Force > Use Brute Force Protection

Activate Math Captcha Protection

To activate Math Captcha Protection, select on Hide My WP > Brute Force > Math Check protection

Activate Math Captcha Protection

You can now select the limit of fail login attempts a user can do before he is temporarily locked. You can also set the ban duration and the lockout message the user received on the login page.

fail login  attempts

By default, the maximum number of failed login attempts is 5 and the ban duration is one hour.

Activate Google reCaptcha Protection

To activate Google reCaptcha Protection, select on Hide My WP > Brute Force > reCaptcha protection

Activate Google reCaptcha Protection

The Google reCaptcha settings will show so that you can enter the Site Key and Secret Key select the reCaptcha theme and language.

hide my wp recaptcha settings

To set a new reCaptcha at Google, go to https://www.google.com/recaptcha/admin#list and click to create a new reCaptcha.

After you enter new Label name just select the reCaptcha v2 and “I’m not a robot” Checkbox.

Now enter the domain name on which you want to use reCaptcha, read and accept the terms and click the Submit button.

google recaptcha v2 settings

On the next page you will see the Site Key and Secrete Key you need to copy into Hide My WP Ghost settings.

google recaptcha v2 keys

After you paste the reCaptcha keys, Save the settings and a Login test button will appear under the reCaptcha settings.

hide my wp recaptcha login test

Click on the reCAPTCHA Test button and check if the login process works properly before you logout from your website.


Ban an IP address or multiple IP addresses

This feature can be used to permanently ban an IP address or multiple IP addresses from your login page.

You can enter an IP address range like 192.168.0.*, 192.168.*.* or even 192.*.*.* if you want to block an entire IP class.

Ban an IP address or multiple IP addresses

Whitelist an IP address or multiple IP addresses

If you want to prevent your IP address or your team IP address from being blocked in case you have multiple fail login attempts, just add it in the whitelist list.

You can enter an IP address range like 192.168.0.*, 192.168.*.* or even 192.*.*.* if you want to whitelist an entire IP class.

Whitelist an IP address or multiple IP addresses

Ban IP address

Hide My WP Ghost only block IP addresses from accessing the login page and not the entire website.

Was This Article Helpful?

0 Comments

There are no comments yet

Leave a comment

Your email address will not be published. Required fields are marked *