Problem

To log into a WordPress Site, user name and password are required.

Hacker can obtain user name from the name of author in blog post, then goto WordPress default log-in page — https://your_domain_name.com//wp-admin/ , hacker will guess password to log into your WordPress site, hence “brute force”.

In a minute, if a hacker can guess 10 passwords then in a day, hacker can try 14,400 different passwords (10 x 60 x 24 ) to try to log into your WordPress site.

It is a matter of time, the hacker can guess the correct password.

Solution: use “Loginizer Security” plug-in to prevent brute force attack

1. Install plug-in “Loginizer Security“.
   
2. Under “Blacklist”, enter range of IP address that is not in your home country. This will reduce brute force attack significantly.