According to Wikipedia, a brute force attack is a method of defeating a cryptographic scheme, by systematically trying a large number of possibilities. Due to the success of WordPress, hackers have tools to try and discover your administrator password.
A great way to get protected from brute force attacks is to use HTTP authentication. When someone tries to access the wp-login.php
file, a pop up window, created by the server, will be launched asking for a password. With no password, the person attempting to view the wp-login.php
file will never be able to see it.
In my opinion, HTTP authentication is the best method of protection against brute force attacks (Internet bots wont be able to fill the fields of the server-generated pop up window), even though you'll then have to log in twice (one for the HTTP authentication and once for WordPress).
An HTTP authentication can be set manually. However, it is much...