How to prevent brute force attacks on WordPress websites?

A brute force attack is an attempt to gain access to a website by guessing the username and password over and over again. Other kinds of hacks rely on website vulnerabilities, whereas a brute force attack is a simple hit-and-miss method that can be tried on any site. The attacker submits many passwords or passphrases, systematically checking all possible values until the correct one is found.


A brute force attack is different from a DDoS attack. A DDoS attack simply floods a website with requests to bring it down, whereas a brute force attack tries to compromise the username and password of a website.


WordPress is a widely used content management system, and by default its admin login page is wp-login.php, so the location of the login form is the same on every default installation.


Here are the ways we can prevent brute force attacks on WordPress websites:


1. Use complex and strong passwords for WordPress users

2. Use Google’s CAPTCHA in the WordPress login form

3. Enable Cloudflare for your website

4. Limit wp-login.php access to specific IPs via .htaccess

5. Password protect the wp-login.php file via cPanel’s password protect option

6. Use the “Brute Force Login Protection” plugin in your WordPress installation

7. Use a custom file name for the login page instead of “wp-login.php”

8. Implement 2-factor authentication

9. Use Google Authenticator for WordPress
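
The .htaccess restriction from item 4 can look like the following. This is an added example, not configuration from the original article; the IP addresses are constructed documentation values, and it assumes the file sits in the WordPress root on an Apache server that allows these directives in .htaccess.

```apache
# .htaccess in the WordPress root: allow wp-login.php only from known addresses.
# 203.0.113.10 and 198.51.100.0/24 are constructed placeholder addresses;
# replace them with the addresses your administrators log in from.
#
# Caveat: if the site sits behind a proxy or CDN such as Cloudflare (item 3),
# Apache sees the proxy's address, not the visitor's, unless mod_remoteip is
# configured in the server or virtual host configuration.

# Apache 2.4 and later (mod_authz_core).
# Several Require lines are combined as "any of these may match".
<IfModule mod_authz_core.c>
    <Files "wp-login.php">
        Require ip 203.0.113.10
        Require ip 198.51.100.0/24
    </Files>
</IfModule>

# Apache 2.2 (legacy mod_authz_host syntax), used only when
# mod_authz_core is not loaded.
<IfModule !mod_authz_core.c>
    <Files "wp-login.php">
        Order deny,allow
        Deny from all
        Allow from 203.0.113.10
        Allow from 198.51.100.0/24
    </Files>
</IfModule>
```

Requests for wp-login.php from any other address receive a 403 Forbidden response before WordPress processes the login attempt.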


We hope these methods help you control brute force attacks on your websites.