Sysadmins of the North
Don't forget to share this post!

Secure WordPress with a Captcha

update 2017-12-20: watch out for a Captcha version with a backdoor! WordPress security can be improved with plugins. Also from brute-force login attempts. Lately, a lot of brute force attacks are targeted against WordPress websites.

Extra WordPress Security Protection Against Brute Force Login Attempts

You can add an extra security layer to your WordPress Login page by using a captcha plugin. A captcha prevents (protects against) brute-force login attempts. One of many is Captcha plugin by BestWebSoft. Please use Vevida Captcha now (dev-version).

This plugin is easy to install and configure, and translated into many languages.

Install WordPress Captcha plugin

You can easily install the WordPress Captcha plugin in your WordPress back-end.

  1. Go to Plugins → Add New, and
  2. Fill out “Captcha” in the Search box and click Search Plugins
  • In my case, the plugin I want is the first one by BestWebSoft, so simply click Install Now

  • (click OK to install the plugin)

  • When the plugin is downloaded and installed, click Activate Plugin


  • You can manage the plugin settings in your Admin menu BWS Plugins


  • Enter the settings you’d like. Note that I’ve unchecked the “Words” option, since this uses the WordPress language; with a Dutch version of WordPress you only get Dutch words like “zeven” and “acht”.
    This may interest you:   Joomla websites abused as open proxy for Denial-of-Service attacks


  • Click Save Changes when you’re done.

  • When you log out of WordPress and try to log in again, you’ll notice a Captcha form field, with our title “Fill in the form”:
  • All done! 🙂

    Want to know more about brute-force attacks in WordPress? See how to protect WordPress from brute-force XML-RPC attacks and how to add a delay to your WordPress login form (particularly why a delay is not recommended).

    buy me a coffee
    Buy Me A Coffee

    About the Author Jan Reilink

    My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, WordPress, websites & optimization. Want to support me and donate? Use this link:

    follow me on:

    Leave a Comment:

    1 comment
    Add Your Reply
    Skip to content