Comments on: Defying Brute Force Attacks on WordPress Logins

By: Viktoria Michaelis

Viktoria Michaelis — Tue, 23 Apr 2013 21:37:09 +0000

Pity that there isn’t an easier way…

By: The Brute-Force Password Attack on WordPress Sites « Lorelle on WordPress

The Brute-Force Password Attack on WordPress Sites « Lorelle on WordPress — Tue, 23 Apr 2013 04:48:12 +0000

[...] wrote about brute-force attacks on WordPress logins last year recommending to all to get serious about making your usernames and passwords stronger. A year later [...]

By: Slaying Dragons in Codeland » Website Security: Defend Your WordPress Installation against Brute Force and Cross Frame Scripting

Thu, 18 Oct 2012 21:20:00 +0000

[...] to run through a whole series of passwords or MD5 hash combinations to gain access to your website. Lorelle.wordpress.com has a great write-up on the issue along with resources to assist you in the battle of protecting [...]

By: genomega1

genomega1 — Mon, 27 Aug 2012 12:19:13 +0000

Reblogged this on News You May Have Missed and commented: Update WordPress Now: Reuters Hacked

By: Update WordPress Now: Reuters Hacked « Lorelle on WordPress

Update WordPress Now: Reuters Hacked « Lorelle on WordPress — Mon, 27 Aug 2012 05:07:30 +0000

[...] Defying Brute Force Attacks on WordPress Logins [...]

By: Lorelle VanFossen

Lorelle VanFossen — Fri, 27 Apr 2012 02:15:52 +0000

There are WordPress Plugins that use password-strength meters for sites with extensive registered users or members. However, if you have less than 20 people registered with your site, an email reminder to ensure they make their passwords strong is better than adding another Plugin.

We tend to put a lot of energy into serving the lowest common denominator and we need to start trusting people to look after themselves, too. Education is the key, not gatekeepers.

By: Aaron

Aaron — Fri, 27 Apr 2012 01:58:15 +0000

I think this one is key:

“2. Do not allow users to set weak passwords like ‘password’.”

Because you can inform people that they need strong passwords but some people actually think that “password!” is strong — because they don’t understand how serious

Do you know of any ways/plugins to force a certain quality of password on WP? It shouldn’t be that difficult, since WP already has the built in password-strength meter.

By: freddyflow

freddyflow — Mon, 19 Mar 2012 00:54:27 +0000

Thanks, Dennis. Yes, I can’t imagine life without Lastpass!

Another great timesaver is activewords.com. These are my dynamic duo…

-Freddy Flow

By: LGR

LGR — Sun, 18 Mar 2012 17:55:28 +0000

Aside from having a strong password and using a login that is not the admin account I also like having the Login Lockdown plugin installed. It will slow down and stop many brute force attacks. The best feature is you can tell it to automatically lock out unknown usernames, so if the attacker tries to login with a username that does not exist they get locked out right away. It has been great. I am sure there are other plugins that do similar things but that is my favourite.

By: Lorelle’s World as of March 17th, 2012 | Taking Your Camera on the Road

Sun, 18 Mar 2012 05:42:17 +0000

[...] VanFossen shared Defying Brute Force Attacks on WordPress Logins. Defying Brute Force Attacks on WordPress [...]