To log into a WordPress Site, user name and password are required.
Hacker can obtain user name from the name of author in blog post, then goto WordPress default log-in page — https://your_domain_name.com//wp-admin/ , hacker will guess password to log into your WordPress site, hence “brute force”.
In a minute, if a hacker can guess 10 passwords then in a day, hacker can try 14,400 different passwords (10 x 60 x 24 ) to try to log into your WordPress site.
It is a matter of time, the hacker can guess the correct password.
Solution: use “Loginizer Security” plug-in to prevent brute force attack
- Install plug-in “Loginizer Security“.
- Under “Blacklist”, enter range of IP address that is not in your home country. This will reduce brute force attack significantly.