This is the best plugin I have used to mitigate brute-force attacks.
It returns 403 error codes for admin login failures and xmlrpc login failures, and a 404 code for the unused wp-login. This is exactly what is needed to detect and block attacking IPs when used in conjunction with the server application fail2ban and ConfigServer Firewall.
For those without fail2ban and csf, the plugin has a web application firewall to block attacking IPs for each WP installation separately.
After installing this plugin two other plugins became redundant…
– Disable XMLRPC (I only used this because xmlrpc was vulnerable to brute-force attacks)
– WPS Hide Login (WP Cerber also does this)
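
The status codes mentioned in this review are what make log-based blocking possible. The following is an added example, not part of the review and not code from the plugin or fail2ban: it counts those 403/404 responses per IP inside a time window, the way a fail2ban jail does with its `maxretry` and `findtime` settings. The log lines are constructed and `/my-login/` is a hypothetical custom login path.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed access-log lines (combined format, documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.55 - - [10/Mar/2024:09:00:00 +0000] "POST /xmlrpc.php HTTP/1.1" 403 512 "-" "x"
192.0.2.55 - - [10/Mar/2024:09:30:00 +0000] "POST /xmlrpc.php HTTP/1.1" 403 512 "-" "x"
198.51.100.20 - - [10/Mar/2024:10:00:00 +0000] "POST /my-login/ HTTP/1.1" 403 512 "-" "x"
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /my-login/ HTTP/1.1" 403 512 "-" "x"
203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "POST /xmlrpc.php HTTP/1.1" 403 512 "-" "x"
203.0.113.7 - - [10/Mar/2024:10:00:09 +0000] "GET /wp-login.php HTTP/1.1" 404 300 "-" "x"
198.51.100.20 - - [10/Mar/2024:10:00:30 +0000] "POST /my-login/ HTTP/1.1" 302 0 "-" "x"
192.0.2.55 - - [10/Mar/2024:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 404 300 "-" "x"
"""

LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumption: the site's login endpoints; "/my-login/" is hypothetical.
LOGIN_PATHS = ("/my-login/", "/xmlrpc.php")

def is_failure(path, status):
    """403 on a login endpoint, or 404 on the hidden default wp-login.php."""
    path = path.split("?", 1)[0]
    if status == 403 and path in LOGIN_PATHS:
        return True
    return status == 404 and path == "/wp-login.php"

def offenders(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return IPs with at least maxretry failures inside any findtime window."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    banned = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or not is_failure(m["path"], int(m["status"])):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > findtime:   # drop failures older than the window
            hits.popleft()
        if len(hits) >= maxretry and m["ip"] not in banned:
            banned.append(m["ip"])
    return banned

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```

Failures spread over more than `findtime`, and a single failure followed by a successful login, do not reach the threshold.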