update 2017-12-20: watch out for a Captcha version with a backdoor! WordPress security can be improved with plugins. Also from brute-force login attempts. Lately, a lot of brute force attacks are targeted against WordPress websites.

Extra WordPress Security Protection Against Brute Force Login Attempts

You can add an extra security layer to your WordPress Login page by using a captcha plugin. A captcha prevents (protects against) brute-force login attempts. One of many is Captcha plugin by BestWebSoft. Please use Vevida Captcha now (dev-version).

This plugin is easy to install and configure, and translated into many languages.

Install WordPress Captcha plugin

You can easily install the WordPress Captcha plugin in your WordPress back-end.

  1. Go to Plugins → Add New

  2. Fill out “Captcha” in the Search box and click Search Plugins

  3. In my case, the plugin I want is the first one by BestWebSoft, so simply click Install Now

    (click OK to install the plugin)

  4. When the plugin is downloaded and installed, click Activate Plugin

  5. You can manage the plugin settings in your Admin menu BWS Plugins

  6. Enter the settings you’d like. Note that I’ve unchecked the “Words” option, since this uses the WordPress language; with a Dutch version of WordPress you only get Dutch words like “zeven” and “acht”.

    Click Save Changes when you’re done.

  7. When you log out of WordPress and try to log in again, you’ll notice a Captcha form field, with our title “Fill in the form”:

All done! :)

Want to know more about brute-force attacks in WordPress? See how to protect WordPress from brute-force XML-RPC attacks and how to add a delay to your WordPress login form (particularly why a delay is not recommended).

This may interest you:   Add a delay to your WordPress login form