March 4, 2020
Last Updated On March 6, 2020
A new way to combat WordPress Brute Force Attacks just arrived with the new iThemes Brute Force Protection Network. This new brute force protection setting is available in the latest version of iThemes Security — free to download on the WordPress.org Plugin Directory.
Understanding Brute Force Attacks
Unlike hacks that focus on vulnerabilities in software, brute force attacks exploit the simplest method of gaining access to a site: trying usernames and passwords, over and over again, until one combination works. If someone had unlimited time and could try an unlimited number of password combinations to get into your site, they eventually would, right?
WordPress sites are susceptible to this form of attack by default, because the system allows users unlimited attempts to log in. Enabling login limits bans the host from attempting to log in again once the specified bad login threshold has been reached.
Network vs Local Brute Force Protection
iThemes Security includes two methods of brute force protection: local and network.
- Local brute force protection looks only at attempts to access your site and bans users per the lockout rules specified locally.
- Network brute force protection takes this a step further by banning users who have tried to break into other sites from breaking into yours.
Introducing the iThemes Brute Force Protection Network
With this new setting enabled in iThemes Security, the iThemes Brute Force Protection Network automatically reports the IP addresses of failed login attempts to iThemes and blocks them for a length of time necessary to protect your site, based on the number of other sites that have seen a similar attack.
The main benefit of this approach to brute force attack protection is the potential for millions of sites united against malicious IPs that are attacking WordPress sites everywhere.
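The two layers described above can be modeled in a few lines. This is an added example, not iThemes Security code: the thresholds, the per-site ban formula, and the names `BruteForceGuard` and `replay` are assumptions made for illustration, and the events are constructed sample data.

```python
from collections import defaultdict, deque

# Assumed policy values for illustration; not iThemes Security defaults.
MAX_FAILURES = 5            # bad logins allowed per host inside the window
WINDOW_SECONDS = 300        # look-back window for counting failures
LOCKOUT_SECONDS = 900       # length of a local ban
NETWORK_BAN_PER_SITE = 600  # hypothetical: ban seconds per reporting site

class BruteForceGuard:
    def __init__(self, network_reports=None):
        self.network_reports = network_reports or {}  # ip -> (sites, last_report)
        self.failures = defaultdict(deque)  # ip -> recent failure timestamps
        self.banned_until = {}              # ip -> time the local ban ends

    def blocked_by(self, ip, now):
        # Network verdict first: the ban grows with the number of reporting sites.
        sites, last = self.network_reports.get(ip, (0, 0))
        if sites and now < last + sites * NETWORK_BAN_PER_SITE:
            return "network"
        return "local" if now < self.banned_until.get(ip, 0) else None

    def attempt(self, ip, now, password_ok):
        source = self.blocked_by(ip, now)
        if source:
            return f"blocked:{source}"  # credentials are never checked
        if password_ok:
            self.failures.pop(ip, None)
            return "allowed"
        recent = self.failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()  # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.banned_until[ip] = now + LOCKOUT_SECONDS
            recent.clear()
            return "locked_out"  # the point at which a report would be sent
        return "failed"

def replay(events, network_reports=None):
    """Run constructed (time, ip, password_ok) events through the guard."""
    guard = BruteForceGuard(network_reports)
    return [guard.attempt(ip, t, ok) for t, ip, ok in events]

# Constructed sample data (documentation-range addresses).
SAMPLE = [(t, "203.0.113.7", False) for t in range(0, 50, 10)]
SAMPLE += [(60, "203.0.113.7", True), (70, "198.51.100.9", True), (1000, "203.0.113.7", True)]
NETWORK = {"198.51.100.9": (3, 0)}  # reported by 3 other sites at t=0
```

Replaying `SAMPLE` with `NETWORK` shows the locally banned host rejected even when it finally sends the right password, and the network-listed host rejected on its first attempt against this site.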
How to Enable the iThemes Brute Force Protection Network
1. Make sure you’re running iThemes Security v7.6.1 or iThemes Security Pro v6.4.2. After updating, you’ll see a notice prompting you to get your iThemes Brute Force Network Protection API key.
2. Click the Get API Key button.
You’ll be taken to the Brute Force Protection section on the plugin’s Settings page. (You can also get here by using the drop-down navigation at the top of this screen.)
This article was written by Kristen Wright and originally published on WordPress News and Updates from iThemes – iThemes.