Gil’s Security Tips Part 2 – How to avoid Brute Force Attacks
Alicia: Hello everybody, welcome back. So last week I was asking Gil about his top security tips, and the first one he mentioned was scanners, specifically the Lynis scanner, Arachni scanner, and so today I wanted to ask him about a couple other tips. So what’s your second tip for security?
Gil: A really good tip that goes a long way is a brute force detection application. So that comes in the form of a plugin for WordPress, so you can find a really good app that you plug in to your WordPress and it will detect anytime someone’s trying to login repeatedly, and that usually is called a “brute force attack”, they just keep trying to guess your password.
Alicia: Okay so it’ll just give you an alert if they say “Hey someone’s been trying to login to your WordPress?”
Gil: Well it can be set up to give an alert, more importantly you want to set it up so it blocks the attacker after so many attempts. So for example, you might say if someone tries to brute force their way in 5 times in 30 seconds then block the IP for one day. Or, if you’re more paranoid, you might say even 2 attempts in 1 minute, but that’s a little bit restrictive.
Alicia: That could be you, you could mess up.
Gil: That could be you, yeah then you can’t get in. So as far as exactly which plugin to use, you could use WordFence, I think WordFence has that built into it, but there are others that are less heavy than the WordFence plugin that are just doing one action, and that’s just brute force detection. So pick one that has a good rating that’s been around for a while.
Alicia: Okay that’s very helpful, thank you!
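The blocking policy Gil describes (5 failed logins within 30 seconds block the source IP for one day, or a stricter 2 in 1 minute) is a sliding-window counter. The code below is an added illustration written for this page, not part of the interview or of any WordPress plugin; the class name, the `replay` helper and the sample failed-login events are constructed for the example.

```python
from collections import defaultdict, deque

class BruteForceDetector:
    """Sliding-window failed-login counter with temporary IP blocking.

    Default policy matches the interview's example: 5 failures within
    30 seconds block the source IP for one day (86400 seconds).
    """

    def __init__(self, max_attempts=5, window_seconds=30, block_seconds=86400):
        self.max_attempts = max_attempts
        self.window = window_seconds
        self.block_for = block_seconds
        self._failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self._blocked_until = {}              # ip -> unix time the block expires

    def is_blocked(self, ip, now):
        until = self._blocked_until.get(ip)
        if until is None:
            return False
        if now >= until:
            del self._blocked_until[ip]       # block has expired, allow again
            return False
        return True

    def record_failure(self, ip, now):
        """Register a failed login; return True if the IP is (now) blocked."""
        if self.is_blocked(ip, now):
            return True
        q = self._failures[ip]
        q.append(now)
        while q and now - q[0] > self.window:  # drop failures outside the window
            q.popleft()
        if len(q) >= self.max_attempts:
            self._blocked_until[ip] = now + self.block_for
            q.clear()
            return True
        return False

# Constructed sample of failed-login events: (unix timestamp, source IP).
SAMPLE_FAILURES = [
    (1000, "198.51.100.7"), (1004, "198.51.100.7"), (1009, "198.51.100.7"),
    (1015, "198.51.100.7"), (1020, "198.51.100.7"),   # 5th failure inside 30 s
    (1000, "203.0.113.9"), (1040, "203.0.113.9"),     # slow attempts, not blocked by default
]

def replay(events, **policy):
    """Feed events through a detector; return it plus the set of blocked IPs."""
    det = BruteForceDetector(**policy)
    blocked = set()
    for ts, ip in sorted(events):
        if det.record_failure(ip, ts):
            blocked.add(ip)
    return det, blocked
```

Replaying the same events with `max_attempts=2, window_seconds=60` shows the stricter policy Gil calls a little restrictive: it also blocks the slow second source, which is exactly the case where a legitimate user who mistypes twice locks themselves out.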