Name: Brute-Force-Login-Prevention
Owner: 10up
Description: Assists in preventing common brute force login attempts by modifying the default login URL for WordPress.
Created: 2013-05-29 21:45:44.0
Updated: 2017-10-04 18:04:38.0
Pushed: 2013-05-29 23:50:01.0
Homepage: null
Size: 151
Language: PHP
GitHub Committers
| User | Most Recent Commit | # Commits |
|---|
Other Committers
| User | Most Recent Commit | # Commits |
|---|
Brute Force Login Prevention isn't as much a security measure as it is a stop this brute force bot from swamping my server, please measure.
By preventing access to the default wp-admin/ and wp-login.php URLs used by WordPress during the login process, you can quickly get a bot to go elsewhere to look for prey. Combine this with username other than admin and a secure password and things are looking pretty good.
brute-force-login-prevention.conf in your site's Nginx configuration. This can be done with some careful copy/paste or with the Nginx include directive.brute-force-login-prevention.php in the wp-content/mu-plugins/ directory of your WordPress installation.