WordPress remains a very secure and stable blogging platform, but there is more that can be done out of the box to help protect your private data. There are many simple steps that can be taken, even by the inexperienced blog owner and a multitude of plug-ins available that can help. Once something to be particularly aware of is brute force attacks. Brute force login attempts are one of the more common, rather annoying and potentially dangerous types that can occur.
Brute force happens when an attacker targets the login screen for your blog and repeatedly attempts to guess the username and password to gain access. By default, WordPress allows you to type in incorrect usernames and passwords infinitely. Since there is nothing to stop the attacker, they can try for minutes or hours entering a dictionary list of names and simple passwords in the hope of just stumbling up the correct one. Installing something as simple as the "Login Lockdown" plug-in can combat this.
The plug in works by limiting the number of attempts you can make to enter your username and password in a given timeframe (typically 3 tries in a 5 minute period). Once that limit is reached, the IP address of the potential attacker is blocked for up to an hour. This is usually enough to discourage the would be hacker and make them move on to a different target. There are many plug-ins that can do this, but we recommend the plugin is recommended for three reasons:
- Easy to set up
- Easy to administrate
- It just plain works!
Source by Brian Yurick