Here is a list of 10 things to do to protect your WordPress website against brute force attacks:

  1. If your username is admin, change it immediately.
  2. Update your password and make it difficult.
  3. Download the plugin WP-reCAPTCHA.
  4. Sign into your Google account and go to
  5. Add your website from this page
  6. Go back to your WordPress website and add the public & private keys within the WP-reCAPTCHA plugin settings.
  7. Download the plugin Login reCAPTCHA. This will place a reCAPTCHA form in your login area, effectively stopping brute force attacks.
  8. The final step is to install the plugin Better WP Security.
  9. Within Better WP Security, go to the Hide tab and change the Login URL to something other than
  10. Within Better WP Security settings, go to the Login tab and enable the Limit Login Attempts in order to lock out users who attempt to access the website admin area more than your specified number of times.
Erik Rostad

Author Erik Rostad

Erik Rostad started EPR Creations in May 2008. He works with universities, international organizations, and executives on their online presence.

More posts by Erik Rostad

Join the discussion One Comment

Leave a Reply