This article was published 10 years ago, therefore the contents of this post may be out of date.

WordPress now powers more than 40% of online presence. As it has become a popular piece of software for us to use, it has also become popular with hackers and data snoopers who are on the hunt for vulnerabilities inside WordPress.

One of the most common ways of hacking and bringing a WordPress site down is through brute force attacks, where a bot tries to break into the WordPress admin area by trying multiple combinations of usernames and passwords until it is successful.

Brute force attacks have become a widespread problem, and unfortunately websites powered by WordPress are one of the most common targets. Luckily, there are a few plugins that you can install on your WordPress websites to secure against such attacks, so for this week's WordPress Wednesday feature you will find below the 6 best brute force plugins that could help you and your site out.

1. Wordfence Security – Free


Wordfence Security is a free, enterprise-class security and performance plugin that makes your site up to 50 times faster and more secure. Wordfence provides real-time security for WordPress websites by scanning the source code of your site and comparing it to the official WordPress repository's core, themes and plugins. It also provides real-time information about your visitors and attackers.

2. BruteProtect – Free


BruteProtect is a security plugin that guards against botnets by connecting its users to track every failed login attempt across all installed users of the plugin. When you activate BruteProtect you become a part of an Internet-connected counter force that works against botnets.

3. Rename WP-Login.php – Free


Rename wp-login.php is a very light plugin that lets you easily and safely change wp-login.php to anything you want. It doesn't literally rename or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any site. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the URL. Deactivating this plugin brings your site back exactly to the state it was in before.

4. Clef – Free


Clef is a plugin that I use on various WordPress-powered websites. It allows you to eliminate passwords from the equation: once you have installed the plugin on your WordPress website, you simply need to download the Clef app on your smartphone. The Clef mobile application replaces usernames and passwords with your smartphone.

5. iThemes Security – Free


iThemes Security (formerly Better WP Security) gives you over 30 ways to secure and protect your WordPress site. This plugin works to fix common holes, stop automated attacks and strengthen user credentials. It offers one-click activation for most features, as well as advanced features for experienced users.



6. BotPlug


BotPlug is designed to help you secure and protect your WordPress website from malicious bots and crawlers, and from brute-force attacks which rely on making repeated requests.

An example of this sort of attack is the infamous 'xmlrpc' problem: although the vulnerability in WordPress is now fixed, the repetitive and aggressive spam traffic can still cause serious problems. By slowing down, rate-limiting, redirecting and/or blocking requests from IP addresses which have made an excessive quantity of requests in a short period of time (or by showing them a CAPTCHA to ensure they are human), BotPlug reduces the load on your server from these unwanted visitors.


WordPress Wednesday – 6 Best Plugins to Prevent Brute Force Attacks