{"id":2604,"date":"2013-04-11T22:08:20","date_gmt":"2013-04-12T02:08:20","guid":{"rendered":"https:\/\/www.inmotionhosting.com\/support\/2013\/04\/11\/wp-login-brute-force-attack\/"},"modified":"2024-03-11T16:40:35","modified_gmt":"2024-03-11T20:40:35","slug":"wp-login-brute-force-attack","status":"publish","type":"post","link":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/","title":{"rendered":"WordPress wp-login.php Brute Force Attack"},"content":{"rendered":"<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"538\" src=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2013\/04\/Preventing-wp-login-Brute-Force-Attacks-1024x538.png\" alt=\"\" class=\"wp-image-105421\" srcset=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2013\/04\/Preventing-wp-login-Brute-Force-Attacks-1024x538.png 1024w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2013\/04\/Preventing-wp-login-Brute-Force-Attacks-300x158.png 300w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2013\/04\/Preventing-wp-login-Brute-Force-Attacks-768x403.png 768w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2013\/04\/Preventing-wp-login-Brute-Force-Attacks.png 1200w\" sizes=\"auto, (min-width: 1360px) 876px, (min-width: 960px) calc(61.58vw + 51px), calc(100vw - 80px)\" \/><\/figure>\n\n\n\n<p>There have now been several large scale WordPress <strong>wp-login.php brute force<\/strong> attacks, coming from a large amount of compromised IP addresses spread across the world since April 2013.<\/p>\n\n\n\n<p>We first started this page when a large botnet of around 90,000 compromised servers had been attempting to break into WordPress websites by continually trying to guess the username and password to get into the WordPress admin dashboard.<\/p>\n\n\n\n<p>You can quickly <a href=\"\/support\/edu\/wordpress\/review-wordpress-login-attempts\/\" target=\"_blank\" rel=\"noopener noreferrer\">review WordPress login attempts<\/a> to see if your site has recently been under attack.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Global WordPress brute force attack<\/h2>\n\n\n\n<div class=\"alert alert-danger\">Please remember these issues are not isolated to <strong>InMotion Hosting or our <a href=\"https:\/\/www.inmotionhosting.com\/wordpress-hosting\">WordPress Hosting<\/a><\/strong>. For example, here is one that was <a href=\"https:\/\/it.slashdot.org\/story\/13\/04\/12\/1940248\/wordpress-sites-under-wide-scale-brute-force-attack\" target=\"_blank\" rel=\"noopener noreferrer\">affecting multiple providers<\/a>.\n<p>\u00a0<\/p>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><a name=\"general-protection\"><\/a>General WordPress brute force protection<\/h2>\n\n\n\n<p><strong>Please note<\/strong> \u2013 before adding and removing plugins or making changes in general, you should <a href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-backups\/\">backup your WordPress<\/a> with a reputable plugin.<\/p>\n\n\n\n<p>While we do <strong>HIGHLY<\/strong> recommend implementing as many secure solutions as possible for WordPress, the following guides would be a great first step in protecting yourself and your WordPress site from further attacks.<\/p>\n\n\n\n<div class=\"alert alert-info\">\n<ul>\n<li><strong><a href=\"#top-10\">10 recommended steps to lock down and secure WordPress<\/a> (bottom of this guide)<\/strong><\/li>\n<li><strong><a href=\"\/support\/edu\/wordpress\/prevent-unauthorized-wp-admin-wp-login-php-attempts\/\" target=\"_blank\" rel=\"noopener noreferrer\">Setup secondary WordPress admin password<\/a><\/strong><\/li>\n<li><strong><a href=\"\/support\/edu\/wordpress\/hiding-your-wordpress-admin-url-with-ithemes-security\/\" target=\"_blank\" rel=\"noopener noreferrer\">Change WordPress admin URL with iThemes Security plugin<\/a><\/strong><\/li>\n<li><strong><a href=\"\/support\/edu\/wordpress\/lock-down-wordpress-admin-login-with-htaccess\/\" target=\"_blank\" rel=\"noopener noreferrer\">Limit WordPress admin logins by IP address<\/a><\/strong><\/li>\n<\/ul>\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\">InMotion Hosting\u2019s defense plan<\/h3>\n\n\n\n<p>Our senior system administration team has rolled out a fleet wide security policy to help contain these attacks.<\/p>\n\n\n\n<p>We are proactively protecting our customers to help stop the spread of further attacks. These malicious bots are trying to break into one WordPress site, and then using it as part of the botnet to begin attacking other sites.<a name=\"blocked-by-inmotion\"><\/a><\/p>\n\n\n\n<div class=\"alert alert-danger\"><strong>InMotion Hosting<\/strong> customers locked out of WordPress, please follow this specific guide:<strong><br><a href=\"\/support\/edu\/wordpress\/login-temporarily-disabled\/\" target=\"_blank\" rel=\"noopener noreferrer\">WordPress login temporarily disabled (fix)<\/a><\/strong><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Helping the community<\/h3>\n\n\n\n<p>I took place in an almost 2 hour Google+ hangout with the WordPress Bay Area Foothills Meetup Group consisting of some InMotion customers as well as other WordPress users.<\/p>\n\n\n\n<p>In this hangout I covered this WordPress brute force attack, and walked them through this article as well as answered other WordPress security related questions.<a name=\"top-10\"><\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">10 recommended steps to lock down and secure WordPress<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1. Use a strong password<\/h3>\n\n\n\n<p><strong>Minimum password recommendations:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>At least 8 characters total<\/li>\n\n\n\n<li>Mixture of upper and lower-case letters<\/li>\n\n\n\n<li>Numbers, punctuation or other non-alphanumeric characters<\/li>\n<\/ul>\n\n\n\n<p><strong>Example weak password:<\/strong> secret1<br><strong>Improved strong password:<\/strong> Z#hupsZ2M4!Z<\/p>\n\n\n\n<p>Take a look at <a href=\"\/support\/edu\/wordpress\/create-secure-wordpress-admin-password\/\" target=\"_blank\" rel=\"noopener noreferrer\">how to create a secure WordPress admin password<\/a> for easy steps.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. Change default WordPress admin username<\/h3>\n\n\n\n<p>When installing WordPress, by default the administrator user has the username of admin.<\/p>\n\n\n\n<p>The botnet attack is currently only targeting this default username, so even having an administrator username of admin123 could significantly reduce the likelihood of your site being successfully logged into by a malicious user.<\/p>\n\n\n\n<p>Check out <a href=\"\/support\/edu\/wordpress\/change-wordpress-admin-username-for-security\/\" target=\"_blank\" rel=\"noopener noreferrer\">how to change the WordPress default admin username for security<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3. Lock down WordPress admin access with .htaccess<\/h3>\n\n\n\n<p>Utilizing a WordPress brute force plugin for this type of attack is not very efficient, and in some cases can actually lead to your site becoming unavailable due to the large amount of processing power used to attempt to challenge each and every malicious login attempt.<\/p>\n\n\n\n<p>Setup a secondary level password to <a href=\"\/support\/edu\/wordpress\/prevent-unauthorized-wp-admin-wp-login-php-attempts\/\" target=\"_blank\" rel=\"noopener noreferrer\">prevent unauthorized WordPress wp-admin and wp-login.php attempts<\/a>.<\/p>\n\n\n\n<p>Or you can rely on the information we have on <a href=\"\/support\/edu\/wordpress\/lock-down-wordpress-admin-login-with-htaccess\/\" target=\"_blank\" rel=\"noopener noreferrer\">limiting WordPress admin access with .htaccess<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">4. Temporarily disable CPU intensive login limit plugins<\/h3>\n\n\n\n<p>Blocking this attack with .htaccess rules is the preferred method, as login limiting plugins can not only lead to issue with triggering our own internal security rules, but they also will not be effective in this type of large scale attack.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">5. Scan website for hacks, check Google Safe Browsing<\/h3>\n\n\n\n<p>If your WordPress site had been successfully compromised, a clear indication will usually be found either by a surface security scan of the website, or it will also get reported to Google\u2019s Safe Browsing.<\/p>\n\n\n\n<p>Check Google\u2019s safe browsing for your domain, at <a href=\"https:\/\/transparencyreport.google.com\/safe-browsing\/search\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/transparencyreport.google.com\/safe-browsing\/search<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">6. Setup CloudFlare DNS level protection<\/h3>\n\n\n\n<p>Due to the large scale of this botnet attack, <a href=\"https:\/\/blog.cloudflare.com\/patching-the-internet-fixing-the-wordpress-br\/\" target=\"_blank\" rel=\"noopener noreferrer\">CloudFlare<\/a> has offered DNS level filtering for this attack on all of their free accounts.<\/p>\n\n\n\n<p>While probably not an ideal solution if you have many WordPress sites due to having to update the name servers for each domain, and then waiting typically 24-36 hours for DNS propagation. Single site owners might benefit greatly from this type of protection which should block the botnet requests from even making it to the server in the first place.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">7. Backup WordPress<\/h3>\n\n\n\n<p>At this point it\u2019s probably a good idea to backup WordPress just in case. That way, as the attacks continue, you\u2019re ensured that you always have a good point to restore back to in the event something goes bad.<\/p>\n\n\n\n<p><strong>Backing up your data<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"\/support\/edu\/cpanel\/cpanel-backups\/\" target=\"_blank\" rel=\"noopener noreferrer\">Backup your website files in cPanel<\/a><\/li>\n\n\n\n<li><a href=\"\/support\/edu\/cpanel\/cpanel-backups\/\" target=\"_blank\" rel=\"noopener noreferrer\">Backup your database in cPanel<\/a><\/li>\n<\/ul>\n\n\n\n<p><strong>Restoring your data<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"\/support\/edu\/cpanel\/cpanel-backups\/\" target=\"_blank\" rel=\"noopener noreferrer\">Restore your website files in cPanel<\/a><\/li>\n\n\n\n<li><a href=\"\/support\/edu\/cpanel\/cpanel-backups\/\" target=\"_blank\" rel=\"noopener noreferrer\">Restore your database in cPanel<\/a><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">8. Update everything WordPress<\/h3>\n\n\n\n<p>To protect yourself from any known exploits to WordPress you should update everything related to WordPress:<\/p>\n\n\n\n<p><strong>Necessary updates to make:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"\/support\/edu\/wordpress\/update-wordpress-from-admin-dashboard\/\" target=\"_blank\" rel=\"noopener noreferrer\">Update WordPress from admin dashboard<\/a><\/li>\n\n\n\n<li><a href=\"\/support\/edu\/wordpress\/themes\/update-wordpress-theme\/\" target=\"_blank\" rel=\"noopener noreferrer\">Update WordPress theme<\/a><\/li>\n\n\n\n<li><a href=\"\/support\/edu\/wordpress\/plugins\/update-wordpress-plugin\/\" target=\"_blank\" rel=\"noopener noreferrer\">Update WordPress plugin<\/a><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">9. Clean up hacks<\/h3>\n\n\n\n<p>If your website has been the victim of a hack, you can follow my guide on <a href=\"\/support\/edu\/wordpress\/reinstall-wordpress-after-a-hack\/\" target=\"_blank\" rel=\"noopener noreferrer\">how to reinstall WordPress after a hack<\/a> for steps on cleaning it up and getting back in business.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">10. Other general WordPress recommendations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"\/support\/edu\/wordpress\/plugins\/w3-total-cache\/\" target=\"_blank\" rel=\"noopener noreferrer\">Optimizing WordPress with W3 Total Cache plugin<\/a><\/li>\n\n\n\n<li><a href=\"\/support\/edu\/wordpress\/log-out-of-admin-dashboard-when-not-in-use\/\" target=\"_blank\" rel=\"noopener noreferrer\">Log out of WordPress admin dashboard when not in use<\/a><\/li>\n\n\n\n<li><a href=\"\/support\/edu\/wordpress\/limit-or-disable-wordpress-revisions\/\" target=\"_blank\" rel=\"noopener noreferrer\">Limit or disable WordPress revisions<\/a><\/li>\n\n\n\n<li><a href=\"\/support\/edu\/wordpress\/disable-wordpress-autosave\/\" target=\"_blank\" rel=\"noopener noreferrer\">Disable WordPress autosave<\/a><\/li>\n\n\n\n<li><a href=\"\/support\/edu\/wordpress\/plugins\/revision-management-wordpress-plugins\/\" target=\"_blank\" rel=\"noopener noreferrer\">Install and use Better Delete Revision WordPress plugin<\/a><\/li>\n\n\n\n<li>Get <a href=\"https:\/\/inmotionhosting.com\/wordpress-hosting\">WordPress Hosting<\/a> from us!<\/li>\n<\/ul>\n\n\n\n<p>Hopefully your WordPress website should be locked down and secure now, which should help prevent our own internal security rules from blocking your own access to your WordPress admin.<\/p>\n\n\n\n<p>When the dust settles and you know how to prevent brute force attacks from getting access, please take some time to review our <a href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/\">repository of WordPress Tutorials<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There have now been several large scale WordPress wp-login.php brute force attacks, coming from a large amount of compromised IP addresses spread across the world since April 2013. We first started this page when a large botnet of around 90,000 compromised servers had been attempting to break into WordPress websites by continually trying to guess<a class=\"moretag\" href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/\"> Read More ><\/a><\/p>\n","protected":false},"author":57014,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4325,56],"tags":[],"class_list":["post-2604","post","type-post","status-publish","format-standard","hentry","category-wordpress-hosting","category-wordpress"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Prevent Brute Force Attacks with wp-login.php<\/title>\n<meta name=\"description\" content=\"The following guides would be a great first step in protecting yourself and your WordPress site from further Brute Force attacks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Prevent Brute Force Attacks with wp-login.php\" \/>\n<meta property=\"og:description\" content=\"The following guides would be a great first step in protecting yourself and your WordPress site from further Brute Force attacks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"InMotion Hosting Support Center\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/inmotionhosting\/\" \/>\n<meta property=\"article:published_time\" content=\"2013-04-12T02:08:20+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-03-11T20:40:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2013\/04\/Preventing-wp-login-Brute-Force-Attacks-1024x538.png\" \/>\n<meta name=\"author\" content=\"InMotion Hosting Contributor\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/InMotionHosting\" \/>\n<meta name=\"twitter:site\" content=\"@InMotionHosting\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"InMotion Hosting Contributor\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/\"},\"author\":{\"name\":\"InMotion Hosting Contributor\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644\"},\"headline\":\"WordPress wp-login.php Brute Force Attack\",\"datePublished\":\"2013-04-12T02:08:20+00:00\",\"dateModified\":\"2024-03-11T20:40:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/\"},\"wordCount\":985,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2013\/04\/Preventing-wp-login-Brute-Force-Attacks-1024x538.png\",\"articleSection\":[\"WordPress Hosting\",\"WordPress Tutorials\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/\",\"name\":\"Prevent Brute Force Attacks with wp-login.php\",\"isPartOf\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2013\/04\/Preventing-wp-login-Brute-Force-Attacks-1024x538.png\",\"datePublished\":\"2013-04-12T02:08:20+00:00\",\"dateModified\":\"2024-03-11T20:40:35+00:00\",\"description\":\"The following guides would be a great first step in protecting yourself and your WordPress site from further Brute Force attacks.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/#primaryimage\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2013\/04\/Preventing-wp-login-Brute-Force-Attacks.png\",\"contentUrl\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2013\/04\/Preventing-wp-login-Brute-Force-Attacks.png\",\"width\":1200,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.inmotionhosting.com\/support\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"WordPress wp-login.php Brute Force Attack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#website\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/\",\"name\":\"InMotion Hosting Support Center\",\"description\":\"Web Hosting Support &amp; Tutorials\",\"publisher\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.inmotionhosting.com\/support\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\",\"name\":\"InMotion Hosting\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg\",\"contentUrl\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg\",\"width\":696,\"height\":696,\"caption\":\"InMotion Hosting\"},\"image\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/inmotionhosting\/\",\"https:\/\/x.com\/InMotionHosting\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644\",\"name\":\"InMotion Hosting Contributor\",\"description\":\"InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!\",\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/inmotion-hosting\/\",\"https:\/\/x.com\/https:\/\/twitter.com\/InMotionHosting\"],\"url\":\"https:\/\/www.inmotionhosting.com\/support\/author\/inmotion-hosting-contributor\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Prevent Brute Force Attacks with wp-login.php","description":"The following guides would be a great first step in protecting yourself and your WordPress site from further Brute Force attacks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/","og_locale":"en_US","og_type":"article","og_title":"Prevent Brute Force Attacks with wp-login.php","og_description":"The following guides would be a great first step in protecting yourself and your WordPress site from further Brute Force attacks.","og_url":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/","og_site_name":"InMotion Hosting Support Center","article_publisher":"https:\/\/www.facebook.com\/inmotionhosting\/","article_published_time":"2013-04-12T02:08:20+00:00","article_modified_time":"2024-03-11T20:40:35+00:00","og_image":[{"url":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2013\/04\/Preventing-wp-login-Brute-Force-Attacks-1024x538.png","type":"","width":"","height":""}],"author":"InMotion Hosting Contributor","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/InMotionHosting","twitter_site":"@InMotionHosting","twitter_misc":{"Written by":"InMotion Hosting Contributor","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/#article","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/"},"author":{"name":"InMotion Hosting Contributor","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644"},"headline":"WordPress wp-login.php Brute Force Attack","datePublished":"2013-04-12T02:08:20+00:00","dateModified":"2024-03-11T20:40:35+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/"},"wordCount":985,"commentCount":0,"publisher":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#organization"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2013\/04\/Preventing-wp-login-Brute-Force-Attacks-1024x538.png","articleSection":["WordPress Hosting","WordPress Tutorials"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/","url":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/","name":"Prevent Brute Force Attacks with wp-login.php","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/#primaryimage"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2013\/04\/Preventing-wp-login-Brute-Force-Attacks-1024x538.png","datePublished":"2013-04-12T02:08:20+00:00","dateModified":"2024-03-11T20:40:35+00:00","description":"The following guides would be a great first step in protecting yourself and your WordPress site from further Brute Force attacks.","breadcrumb":{"@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/#primaryimage","url":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2013\/04\/Preventing-wp-login-Brute-Force-Attacks.png","contentUrl":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2013\/04\/Preventing-wp-login-Brute-Force-Attacks.png","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wp-login-brute-force-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inmotionhosting.com\/support\/"},{"@type":"ListItem","position":2,"name":"WordPress wp-login.php Brute Force Attack"}]},{"@type":"WebSite","@id":"https:\/\/www.inmotionhosting.com\/support\/#website","url":"https:\/\/www.inmotionhosting.com\/support\/","name":"InMotion Hosting Support Center","description":"Web Hosting Support &amp; Tutorials","publisher":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inmotionhosting.com\/support\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.inmotionhosting.com\/support\/#organization","name":"InMotion Hosting","url":"https:\/\/www.inmotionhosting.com\/support\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/","url":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg","contentUrl":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg","width":696,"height":696,"caption":"InMotion Hosting"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/inmotionhosting\/","https:\/\/x.com\/InMotionHosting"]},{"@type":"Person","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644","name":"InMotion Hosting Contributor","description":"InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!","sameAs":["https:\/\/www.linkedin.com\/company\/inmotion-hosting\/","https:\/\/x.com\/https:\/\/twitter.com\/InMotionHosting"],"url":"https:\/\/www.inmotionhosting.com\/support\/author\/inmotion-hosting-contributor\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"primary_category":{"id":56,"name":"WordPress Tutorials","slug":"wordpress","link":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/"},"_links":{"self":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/2604","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/users\/57014"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/comments?post=2604"}],"version-history":[{"count":19,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/2604\/revisions"}],"predecessor-version":[{"id":109002,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/2604\/revisions\/109002"}],"wp:attachment":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/media?parent=2604"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/categories?post=2604"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/tags?post=2604"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}