Does locking access to wp-login.php protect against brute force attacks?

  • Resolved ninsan

    (@jennyrigsjo)


    3 years, 11 months ago

    Hello,

    I’m going over the security on my website and I have been reading about the issue of so-called “brute force” attacks (repeated hammering of the wp-login.php file in order to hack the admin password). My question is: is the WPUM option ‘Lock access to wp-login.php’ enough to defend against this type of attack? When I say “enough” I’m thinking not only of preventing hackers from using brute force methods to break into the site but also of reducing the impact of such attacks on the server’s performance. Does enabling the option ‘Lock access to wp-login.php’ address these issues, or would I need to install a separate plugin?

    I apologise if this is a strange or inappropriately worded question. I’m a beginner programmer and I’ve looked through the WPUM documentation but I haven’t been able to find any article that explains in detail what the option ‘Lock access to wp-login.php’ does.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author WP User Manager

    (@wpusermanager)

    Hey @jennyrigsjo! Lock access to wp-login.php will make the normal WordPress login page (wp-login.php) inaccessible so it will stop brute force attempts on that page for sure.

    I recommend using Google reCAPTCHA also to protect the login and registration pages from bots.

    ?Let me know if you need anything further.

    Thread Starter ninsan

    (@jennyrigsjo)

    Hi @wpusermanager, thank you for your reply and for the Google reCAPTCHA recommendation. I will definitely look into it!

    Happy holidays!

    /jenny

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Does locking access to wp-login.php protect against brute force attacks?’ is closed to new replies.