Brute force attacks are the most common hacking attacks on WordPress sites. In these attacks, hackers try to log in to your WordPress dashboard by trying many combinations of usernames and passwords.
Everyone knows that the common WordPress admin URL is “wp-admin”. The login page is public and is often found at example.com/wp-login.php. So it is easy for hackers to get started with brute force attacks and try to gain access to your site by guessing your password through repeated trial and error.
To defend against this, we recommend activating Jetpack SSO. Single Sign-On is used as a complementary sign-in option to your existing registration system.
It uses the authentication part of WordPress.com. That means you sign in to your WordPress.com account to access the dashboard of your site. In this tutorial, I am going to use the Jetpack plugin to enable Single Sign-On.
Features that Single Sign-On provides:
- Supports 2-factor authentication without requiring any additional plugin.
- Redirects all login attempts to WordPress.com and thus drastically reduces the load on your server and database.
- You can use it for multiple sites.
Setting up WordPress Single Sign-On:
- If you already have an account with WordPress.com, log in to it. If you do not have an account, then sign up from here.
- Now enable two-step verification for your account by using this link.
- Enroll your contact number so that WordPress will send a verification code via SMS each time you log in to your account.
- Now, install and activate the Jetpack plugin for your WordPress site. Next, click Connect to WordPress.com to set up a connection between your blog and your WordPress account.
- After this, go to the Jetpack settings and enable the SSO (“Single Sign-On”) feature in the Security tab.
- Now, log in to your FTP account.
- Open the current theme folder and edit the functions.php file by pasting the following line of code after the first line.
add_filter( 'jetpack_sso_bypass_login_forward_wpcom', '__return_true' );
- This will redirect your existing login page to the WordPress.com login page.
- Now go to Users from your site’s dashboard and click on ‘Login with WordPress.com.’
By doing this, you will link your WordPress.com account to the username that you use to log in to the site. This will completely disable the login form of your WordPress site. Read our complete guide to harden WordPress security.