HomeSecurity

Brute Force Attack Se WordPress Site Protect Kaise Kare [10 Tips]

Like Tweet Pin it Share Share Email

brute force attack safety

Aapne Brute force attack ke bare me internet par kayi articles read kiye honge. Kya aap wordpress site owner hain? kya aapko pata hai brute force attack se wordpress site ko kaise protect kare? Agar nahi to yah article maine specially aapke liye likha hai.




WordPress ek software hai bilkul doosre software ki tarah jisko hum hosting server par install karte hain aur manage karte hain.

Jis tarah koi bhi software me security ko lekar issues hote hain, wordpress me bhi kuch aisa hai. Agar safety ko dhyaan me na rakha jaye to aap hacking ka target ban sakte hain.

WordPress me sabse jyada agar koi attack hota hai to wo hai – Brute force attack.

Kya Hai brute Force Attack?

Hackers aapki site me login karne ke liye jab alag-alag login ID and password bar-bar use karta hai to isko hum brute force attack kahte hain.

Is tarah ke attack me hackers kayi tarah ke software use karte hain jo automatic thousands passwords and login ID create karte hain aur automatically aapke login page par wo ID and password add kar login karne ki kosis karte hain.




Aksar new wp users jo apna password weak rakhte hain like 12334, abcd123 – aise users ki website brute force ka target ho jati hai aur easily hack kar li jati hai.

Yahi nahi agar aapka wordpress user name Admin or dictionary ke kisi words se related hai to bhi aapki site hack hone ka chance rahta hai jise hum brute force attack kahte hain.

WordPress Site ko Brute Force Attack se Protect kare

Don’t worry aapko tension lene ki jarurat nahi hai, aap kuch steps follow karke brute force attack se apni wordpress site ko protect kar sakte hain. Follow below steps:-

1) Admin or easy User name Na Rakhe

Agar aapka User name Admin or dictionary ka koi word hai, to aapki site on risk par hai. Ji ha abhi login kare apne wordpress Dashboard par aur ek strong user name rakhe.

Aap User name bahut easily change kar sakte hain. Follow my this guide to change user name easily.

Actually hackers software ki help se kafi user ID generate kar lete hain, agar aapki ID usme se ek hai to bus hackers ka kaam ho gaya. Isliye user name ko aisa rakhe jo koi soch bhi na sake.

2) Strong Password mean more secure

8% wordpress site weak passwords ki wajah se hack ki jati hain. Kuch lazy users apna password 123445 number series me, ya for abcdef alphabet me rakh dete hain jo weak passwords category me aate hain.




Hamesha apna password strong rakhe, strong ka matlab hai password me capital letter, small letter, numbers, (!@#$&?%) Special characters ka use kare.

Strong password: {g(+2Fi3I6r2=uF

Aap online password generator tools use kar sakte hain, Google it. Aap password manager ka use kar sakte hain.

3) Use Jetpack plugin

Automattic team ki banayi gayi Jetpack – all-in-one plugin hai jo kayi features ke sath available hai. Most of wordpress users iska use karte hain, aapko bhi karna chahiye.

Jetpack me brute force attacks ko stop karne ke liye “Protect” feature available hai jo aapki site ki security k improve karti hai.

Protect feature ko enable karne ke liye jetpack settings me jaye and protect feature par Activate par click kare.




jetpack protect

4) Use Limit Login Attempt Plugin

Limit login karne se agar koi hacker aapki site ko baar-baar wrongs user name or password enter kar login karne ki kosis kar raha hai to uska IP address block ho jayega.

login limit

Aap limit login plugin ka use karke login limit set kar sakte hain, jaise hi koi limit ko cross karega uska IP address block ho jayega.

Login limit karne se kafi had tak aap Brute force attack se apni site safe rakh sakte hain.

WordPress me Limit login karne ke liye popular plugin available hain jo aap install kar sakte hain:-




  1. Wp limit login attempt
  2. Loginizer
  3. Login Lockdown

5) Use Firewall security plugin

WordPress par iTheme security, Wordfence security, Bulletproof security jaise popular security plugin hain jo aapki site ko sabhi tarah ke hacking attempt se protect karti hai.

Aap koi bhi plugin apni site me install kar sakte hain, sabhi free available hain. Wordfence ka review maine post kiya hai jaha aap iski features ko dekh sakte hain.

Agar aap apni site ki security ko lekar aur jyada carrying hain to aap in plugins ka premium version buy kar sakte hain, jo advanced protection features ke sath available hai.

6) Hide wp-admin/wp-login URL

By default wordpress login URL sabhi wordpress site ka kuch aisa hota hai:-

yoursite.com/wp-admin.php OR yoursite.com/wp-login.php

Ab hackers ko to aapka login address pata hai, mean usko bus aapki User ID and password guess karna hai.

Ab agar aap apna Login address change kar de to hackers ko sabse pahle aapka login address pata karna padega, jo ki impossible hai agar aapne strong login URL set kiya hai.

Login URL change karne ke baad aapa Login address kuch aisa hoga:-

yoursite.com/r0hit-p

Mean wo-admin or wp-login ki jagah aap apna secret word enter kar sakte hain, as you wish.

Login URL change karne ke liye WPS Hide login plugin ka  aap use kar sakte hain. itheme security plugin me bhi yah feature available hai.

7) Use Cloudflare Free CDN

Cloudflare CDN aapki site par Spam visitors ko stop karta hai, brute force attack and other malicious activity se site safe rakhta hai aur sath hi CDN service se aapki site ki speed ko optimize karta hai.

Cloudflare ka free plan lagbhag sabhi website use karti hai, agar aap iska use nahi kar rahe to abhi apni site me Cloudflare activate kare.

Cloudflare ko apni site me aap apne Hosting ke Cpanel se activate kar sakte hain Bluehost, hostgator, siteground and other hosting provider aapko free cloudflare ki feature Cpanel me provide karte hain.

Agar aapki hosting Cpanel me clouflare provide nahi karti hai to aap manually bhi cloudflare ka setup kar sakte hain.

8) Block insecure IP Address

Russia, nigeria and other countries se sabse jyada hacking attempt ki jati hain, agar aapko kisi Ip address ko block karna hai jo aapki site ke liye insecure hai to aap aise IP address jo block kar sakte hain.

Ip address block karne je liye aap Hosting ke Cpnel ka use kar sakte hain. Cpanel me aapko IP Deny manager me click karna hai, yaha aap koi bhi IP address ko block kar sakte hain.

Read: Cpanel se IP address block kaise kare?

Aap Wordfence plugin ka use karke kisi bhi IP address ko track kar Block kar sakte hain, aap plugin ke premium version me kisi bhi country ko block kar sakte hain.

9) Use 2-factor Authentication

Google 2-step verification ke bare me to aapne suna hoga jisme jab bhi aap new device me apne Google Account par login karte hain to aapko OTP enter karna padta hai jo aapke mobile number par receive hota hai.

Kuch aisa 2 factor authentication aap apni wordpress site me set kar sakte hain.

WordPress me Google Authenticator plugin se aap Google 2 step verification feature apni site me enable kar sakte hain.

Main aapko suggest karunga ki is feature ka use jaroor kare agar aapko apni site ko more secure karna hai.

10) Password protect Admin Directory

Aap jab apne wordpress site me login karte hain to direct user name and password enter karke aap apne dashboard par login karte hain.

Ab agar aapko login URL (yoursite.com/wp-admin.php) me bhi enter karne ke liye user ID and password enter karna pade to?

Aisa karne se aap advance second security layer apni site ki safety ke liye set karte hain. Aap apni WP admin directory ko password protect banakar 2 layer security set kar sakte hain.

Wp admin directory password protect banane se koi bhi unauthorized user aapke login URL par visit karega to usko password and user ID enter karne ke liye kaha jayega, Look example

Final words

I hope is articles me maine jo bhi brute force attacks se site safe rakhne ki security tips provide ki hai wo aapne apni wordpress site me implement ki hongi. Nahi ki to ab kar lijiye kyon ki “prevention is better than cure “

Comments (0)

Leave a Reply

Your email address will not be published. Required fields are marked *