Secure WordPress with a Captcha

Update 2017-12-20: watch out for a Captcha version with a backdoor!

WordPress security can be improved with plugins, including protection against brute-force login attempts. Lately, a lot of brute-force attacks have been targeting WordPress websites.

Extra WordPress Security Protection Against Brute Force Login Attempts

You can add an extra security layer to your WordPress login page by using a captcha plugin. A captcha protects against brute-force login attempts. One of many such plugins is the Captcha plugin by BestWebSoft. Please use Vevida Captcha now (dev-version).

This plugin is easy to install and configure, and it is translated into many languages.

Install WordPress Captcha plugin

You can easily install the WordPress Captcha plugin in your WordPress back-end.

  1. Go to Plugins → Add New

  2. Fill out “Captcha” in the Search box and click Search Plugins

  3. In my case, the plugin I want is the first one by BestWebSoft, so simply click Install Now

    (click OK to install the plugin)

  4. When the plugin is downloaded and installed, click Activate Plugin

  5. You can manage the plugin settings under BWS Plugins in your Admin menu

  6. Enter the settings you’d like. Note that I’ve unchecked the “Words” option, since this uses the WordPress language; with a Dutch version of WordPress you only get Dutch words like “zeven” and “acht”.

    Click Save Changes when you’re done.

  7. When you log out of WordPress and try to log in again, you’ll notice a Captcha form field, with our title “Fill in the form”.

All done! :)

Want to know more about brute-force attacks in WordPress? See how to protect WordPress from brute-force XML-RPC attacks and how to add a delay to your WordPress login form (particularly why a delay is not recommended).



Jan Reilink

My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization.
