WordPress – Discourage Brute Force

A common technique used by hackers to gain unauthorized access to websites is called ‘Brute Force’. Using this technique, hackers use software designed to scan a website for vulnerabilities and gain access by exploiting any of them. I use IP blocking security on my websites because they actively block malicious requests. One common entry point that these brute force bots try to exploit is by running an author scans. In this article, we will show you how to discourage brute force by blocking author scans in WordPress.

Note: If you are using Limit Login Attempt and Google Authenticator, then you are pretty well-protected against brute-force attacks.

First let’s understand what these brute force attempts are trying to do. At first they try to find a username on your blog or the author id. Often the username used to sign into WordPress and the author name are the same. Once they find a username, then this solves 50% of the puzzle. Now they brute force your site to crack the password by trying various different password combinations.

To block author scanning on your website, simply add this code in .htaccess file in WordPress root directory.

1 # BEGIN block author scans
3 RewriteEngine On
4 RewriteBase /
5 RewriteCond %{QUERY_STRING} (author=\d+) [NC]
6 RewriteRule .* - [F]
8 END block author scans

This will block bots from running author scans on your website. Your website users can still access the author pages, but bots will not be able to do so.

We hope that you found this tip useful. We want to emphasize that this does not prevent brute force attacks. This is just a cautionary step that you can take to discourage the hacker. When someone desperately wants to attack your site, then they will find a way to do so.

Looking for quality WordPress Hosting? Look no further than Arvixe Web Hosting!

Tags: , , , , , , , , | Posted under WordPress | RSS 2.0

Author Spotlight

TJ Marsh

My name is Tj Marsh. I spend about 16 hours a day on the internet. Running my company and helping out here at Arvixe. I live in the good ole Arizona where it gets ridiculously hot. I love WordPress and a lot of other open source software along with coding.

One Comment on WordPress – Discourage Brute Force

  1. Noman says:

    I agree with you,Limit Login Attempt is a good plugin for wp login protection.another good plugin All In One WP Security & Firewall,Great plugin for brute force attack protection.thanks for your useful post:) waiting for next post.

Leave a Reply

Your email address will not be published. Required fields are marked *