How to protect your website from brute-forcing (Really Advanced)


Hi everyone, today I'm going to share with you my method for blocking various brute-forcing attempts.

First, what is brute-forcing?

A brute-force attack is a trial-and-error method used by application programs to recover secrets such as passwords (your WordPress admin password) or Data Encryption Standard (DES) keys through exhaustive effort (using brute force) rather than intellectual strategies.

OK, so... this is creepy. How do we prevent this?

  • In this article, we will be installing two plugins, each with a different task. The first plugin lets you choose how many login attempts are allowed before it blocks the IP of the user who is trying to access your panel. The second plugin will basically disable the use of VPNs and proxies, which means that if the attacker gets his IP banned, he won't be able to access your admin page even with a VPN or a proxy. Cool, right?

What are a VPN and a proxy?
Proxy and VPN services allow you to re-route your internet traffic and change your IP; proxies and VPNs function slightly differently from each other.

Alright let's go into the juicy stuff!

Step 1: Install Wordfence Plugin

Step 2: Enter your email for security threat alerts, agree to the terms, then hit Continue:

Step 3: Skip the premium; you do not need premium for this to function perfectly.

Step 4: From the side menu, choose Wordfence ---> Firewall:

Then choose the following option:

Step 5:
The most important step: open the Brute Force Protection tab. In the picture below, you can see my recommended options, but this is up to you and what suits you best.



Once you've configured how many login failures are allowed before lockout, along with the other options, you've made your website 100% more protected. Good job!

Now let's make it 200% more protected with a VPN & proxy blocker, which will make the attacker cry because he can't change his IP to try again.

Step 6: Install Proxy & VPN Blocker



That's it! No configuration is needed for this plugin; everything is set. Let's test it.

I've entered my password 3 times incorrectly, this is what I got:

As you can see my IP is blocked in www.yourwebsite.com/wp-admin but the main website www.yourwebsite.com will work just fine!

When I tried to use a VPN: (even a PAID ONE)



You now have some really advanced security on your website. Make sure to update those plugins whenever there's an update and you'll be good!
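To check from the server side that the lockout configured in Step 5 is really enforced, this added example (not from the original post and not Wordfence code) scans a web access log for failed POSTs to /wp-login.php and reports any IP that kept reaching the login form after the threshold, using the 3 failures from the test above as the default. The log lines are constructed, and the status codes (200 for a failed login, 302 for a success, 503 for a blocked request) are assumptions about how the site responds.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:12 +0000] "POST /wp-login.php HTTP/1.1" 503 512 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:10:01:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "curl/8.0"
198.51.100.23 - - [10/Mar/2024:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "curl/8.0"
198.51.100.23 - - [10/Mar/2024:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "curl/8.0"
198.51.100.23 - - [10/Mar/2024:10:01:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "curl/8.0"
198.51.100.23 - - [10/Mar/2024:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "curl/8.0"
192.0.2.10 - - [10/Mar/2024:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:10:02:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def audit_lockout(log_text, max_failures=3, window=timedelta(minutes=5)):
    """Return {ip: count} of failed logins that were still served after the IP
    already had max_failures failed logins inside the window."""
    failures = defaultdict(list)  # ip -> timestamps of recent failed logins
    leaked = defaultdict(int)     # ip -> attempts the lockout should have stopped
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        # Assumption: a failed login re-renders the form with 200; a success (302)
        # or a blocked request (503 in the sample) is not a failed attempt.
        if m["status"] != "200":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        recent = [t for t in failures[m["ip"]] if ts - t <= window]
        if len(recent) >= max_failures:
            leaked[m["ip"]] += 1
        failures[m["ip"]] = recent + [ts]
    return dict(leaked)

if __name__ == "__main__":
    print(audit_lockout(SAMPLE_LOG))
```

An empty result means no IP got past the threshold; any entry is an address the lockout did not stop, so recheck the plugin settings and whether the logged IP is the real client address.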

Thanks for reading and I hope you benefited from this topic.

Nader.


Recent Comments


Nice job, thanks for sharing
