What is a Brute Force Attack?
A brute force attack is an activity which involves repetitive, successive attempts using various password combinations to break into a website.
Hackers try various combinations of usernames and passwords, again and again, until they get in. For their attacks, hackers use bots or automated tools.
Which Websites Are Targeted By Hackers?
Brute force attacks are common against popular CMS platforms (e.g. WordPress, Joomla, etc.) and against common services, such as FTP and SSH. Statistics show that WordPress has been the most affected CMS in recent years.
Most brute force attacks work by targeting a website, typically the login page and xmlrpc file.
Usually, every common ID (e.g. “admin”) has a password. All hackers need to do is to guess the password based on words in a dictionary.
Activate Brute Force Protection
To activate Brute Force option, switch on Hide My WP > Brute Force > Use Brute Force Protection
Activate Math Captcha Protection
To activate Math Captcha Protection, select on Hide My WP > Brute Force > Math Check protection
You can now select the limit of fail login attempts a user can do before he is temporarily locked. You can also set the ban duration and the lockout message the user received on the login page.
By default, the maximum number of failed login attempts is 5 and the ban duration is one hour.
Activate Google reCaptcha Protection
To activate Google reCaptcha Protection, select on Hide My WP > Brute Force > reCaptcha protection
The Google reCaptcha settings will show so that you can enter the Site Key and Secret Key select the reCaptcha theme and language.
To set a new reCaptcha at Google, go to https://www.google.com/recaptcha/admin#list and click to create a new reCaptcha.
After you enter new Label name just select the reCaptcha v2 and “I’m not a robot” Checkbox.
Now enter the domain name on which you want to use reCaptcha, read and accept the terms and click the Submit button.
On the next page you will see the Site Key and Secrete Key you need to copy into Hide My WP Ghost settings.
After you paste the reCaptcha keys, Save the settings and a Login test button will appear under the reCaptcha settings.
Click on the reCAPTCHA Test button and check if the login process works properly before you logout from your website.
Ban an IP address or multiple IP addresses
This feature can be used to permanently ban an IP address or multiple IP addresses from your login page.
You can enter an IP address range like 192.168.0.*, 192.168.*.* or even 192.*.*.* if you want to block an entire IP class.
Whitelist an IP address or multiple IP addresses
If you want to prevent your IP address or your team IP address from being blocked in case you have multiple fail login attempts, just add it in the whitelist list.
You can enter an IP address range like 192.168.0.*, 192.168.*.* or even 192.*.*.* if you want to whitelist an entire IP class.