Combat WordPress Brute Force Attacks with the iThemes Brute Force Protection Network – Free in iThemes Security


Written by

Kristen Wright

March 4, 2020

Last Updated On March 6, 2020

A new way to combat WordPress Brute Force Attacks just arrived with the new iThemes Brute Force Protection Network. This new brute force protection setting is available in the latest version of iThemes Security — free to download on the Plugin Directory.

Understanding Brute Force Attacks

Unlike hacks that focus on vulnerabilities in software, brute force attacks exploit the simplest method of gaining access to a site: by trying usernames and passwords, over and over again, until it gets in. If one had unlimited time and wanted to try an unlimited number of password combinations to get into your site they eventually would, right?

WordPress sites, by default, are susceptible to this form of attack, because the system allows users unlimited attempts to log in. Enabling login limits will ban the host user from attempting to login again after the specified bad login threshold has been reached.

Network vs Local Brute Force Protection

iThemes Security includes two methods of brute force protection: local and network.

  • Local brute force protection looks only at attempts to access your site and bans users per the lockout rules specified locally.
  • Network brute force protection takes this a step further by banning users who have tried to break into other sites from breaking into yours.

Introducing the iThemes Brute Force Protection Network

By enabling this new setting in iThemes Security, the iThemes Brute Force Protection Network will automatically report the IP addresses of failed login attempts to iThemes and will block them for a length of time necessary to protect your site based on the number of other sites that have seen a similar attack.

The main benefit of this approach to brute force attack protection is the potential for millions of sites united against malicious IPs that are attacking WordPress sites everywhere.

How to Enable the iThemes Brute Force Protection Network

1. Make sure you’re running iThemes Security v7.6.1 or iThemes Security Pro v6.4.2. After updating, you’ll see this notice to get your iThemes Brute Force Network Protection API key.

2. Click the Get API Key button.

You’ll be taken to the Brute Force Protection section in the plugins’ Settings Page. (You can also get here by using the drop-down navigation at the top of this screen).


3. Enter your email address to get your API key. Your API key will immediately be emailed to you.

We also recommend opting into our WordPress Security newsletter. We’ll keep you informed on the latest news and updates in WordPress security.

4. Click Save All Changes. 

5. Check your inbox for your confirmation email with your API key. iThemes Security will automatically send you an email containing your iThemes Brute Force Protection Network API key.


6. All done! You’ve protected your site with the iThemes Brute Force Protection Network. Your API key will be automatically applied for you, so no further action is required. 

Get iThemes Security Pro with 30+ Ways to Protect Your WordPress Site Now

Get the #1 WordPress Security plugin with over 30+ ways to protect your WordPress site including scheduled malware scanning, two-factor authentication, ticketed support and more!

Get iThemes Security Pro Now

Keep reading the article at WordPress News and Updates from iThemes – iThemes. The article was originally written by Kristen Wright on 2020-03-04 11:20:54.

The article was hand-picked and curated for you by the Editorial Team of WP Archives.

Disclosure: Some of the links in this post are "affiliate links." This means if you click on the link and purchase the product, We may receive an affiliate commission.

Leave a Comment

Your email address will not be published. Required fields are marked *

Show Your ❤️ Love! Like Us
Scroll to Top