I've just watched this video which shows the attacker bruteforcing both usernames and passwords. How can this be achieved without hitting any limit rate? Does it mean that WordPress doesn't provide any limitations by default?
Asked
Active
Viewed 727 times
1 Answers
2
By default, there is no rate limiting in regards to login attempts on WordPress, you must install a plugin to allow enable such a feature. From I can see (Via using Google) a good plugin to do this is here, this plugin allows you to better control login attempts.
Please read the following article on how to configure it here
-
1Downvote to indicate that you feel there was a lack of research effort. No need to include that in your answer. – schroeder May 24 '18 at 11:28
-
1One should also consider a reCAPTCHA plugin. – user1133275 May 24 '18 at 14:30
-
Yes, that is possibly a good idea too. – May 24 '18 at 14:33