WordPress may be a fairly secure platform, but it is not impossible for hackers to find a way through your defenses. You need to be vigilant and proactively monitor your site, server, scripts, and everything else to make sure hackers don’t find weaknesses in your server environment. Brute force attacks may not be always the most effective way to hack a site, but they do work. The good news is there are many plugins and tools you can use to combat against them:
NinjaFirewall: a web application firewall that protects against RFI, LFI, XSS, code execution, SQL injections, brute-force scanners, shell scripts, backdoors and other threats. It blocks suspicious bots / scanners and provides you with an activity log.
BulletProof Security: should not need any introduction. This is one of few plugins we have been recommending on this website for a couple of years now. It provides brute force login protection, secures your site, and logs errors. The pro version offers you a ton of ways to keep your site secure.
BruteProtect: a cloud-powered Brute Force attack prevention tool. It tracks every login attempt across all users of the plugin. It is multisite compatible too.
CloudFlare Threat Management: lets you manage banning, unbanning, and other activities across your entire CloudFlare account. It integrates with WordFence also.
Login Security Solution: tracks IP, name, and password attempts. It also requires strong passwords. It can notify you if an attack has been successful.
Rename wp-login.php: it is no secret that WordPress login pages get attacked a lot. You can always block all those attacks with a plugin like Limit Login Attempts. This plugin lets you intercept page requests.
Botnet Attack Blocker: this plugin blocks distributed botnet brute force attacks on your site. Lets you specify the number of login failures that triggers a lockdown. When a lockdown happens, only whitelisted IP addresses can bypass it.
All In One WP Security & Firewall: covers user accounts, login, database, registration, file system, and other security features. It also serves as a firewall.
Which plugins do you use for brute force attack protection? Please share them here.