Secure WordPress with a Captcha

update 2017-12-20: watch out for a Captcha version with a backdoor! WordPress security can be improved with plugins. Also from brute-force login attempts. Lately, a lot of brute force attacks are targeted against WordPress websites.

Extra WordPress Security Protection Against Brute Force Login Attempts #

You can add an extra security layer to your WordPress Login page by using a captcha plugin. A captcha prevents (protects against) brute-force login attempts. One of many is Captcha plugin by BestWebSoft. Please use Vevida Captcha now (dev-version).

This plugin is easy to install and configure, and translated into many languages.

Install WordPress Captcha plugin #

You can easily install the WordPress Captcha plugin in your WordPress back-end.

  1. Go to Plugins → Add New

  2. Fill out “Captcha” in the Search box and click Search Plugins
  3. In my case, the plugin I want is the first one by BestWebSoft, so simply click Install Now

    (click OK to install the plugin)

  4. When the plugin is downloaded and installed, click Activate Plugin

  5. You can manage the plugin settings in your Admin menu BWS Plugins

  6. Enter the settings you’d like. Note that I’ve unchecked the “Words” option, since this uses the WordPress language; with a Dutch version of WordPress you only get Dutch words like “zeven” and “acht”.

    Click Save Changes when you’re done.

  7. When you log out of WordPress and try to log in again, you’ll notice a Captcha form field, with our title “Fill in the form”:

All done! :)

Want to know more about brute-force attacks in WordPress? See how to protect WordPress from brute-force XML-RPC attacks and how to add a delay to your WordPress login form (particularly why a delay is not recommended).


Show your support


If you want to step in to help me cover the costs for running this website, that would be awesome. Just use this link to donate a cup of coffee ($5 USD for example). And please share the love and help others make use of this website. Thank you very much!


About the Author Jan Reilink

My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization.

follow me on:

Leave a Reply

Be the First to Comment!

avatar
  Subscribe  
Notify of