Brute force attacks are the most commonly occurring hacking attacks on a WordPress site. In these attacks, hackers try to log into your WordPress dashboard by using many combinations of usernames and passwords.
Everyone knows that the common WordPress admin URL is “wp-admin”. It is effectively a public login page, often found at example.com/wp-login.php. So, it is easy for hackers to get started with brute force attacks and try to gain access to your site by guessing your password through repeated trial and error.
To counter this, it is recommended that you activate Jetpack SSO. Single Sign On is used as a complementary sign-in option to your existing registration system.
It uses the authentication system of WordPress.com. That means you will need to sign in to your WordPress.com account to access the dashboard of your site. In this tutorial, I am going to use the Jetpack plugin to enable Single Sign On.
Features that Single Sign On provides:
- Supports 2-factor authentication without requiring any additional plugin.
- Redirects all login attempts to WordPress.com and thus drastically reduces the load on your server and database.
- You can use it across multiple sites.
Set up for WordPress Single Sign On:
- If you already have an account with WordPress.com then log into your account. If you do not have an account, then sign up from here.
- Now enable two-step verification for your account by using this link.
- Enroll your contact number so that WordPress will send a verification code via SMS each time you log in to your account.
- Now, install and activate the Jetpack plugin for your WordPress site. Next, click on “Connect to WordPress.com” to set up a connection between your blog and your WordPress.com account.
- After this, go to Jetpack settings and enable the SSO (“Single Sign On”) feature in the Security tab.
- Now, log in to your FTP account.
- Open the current theme folder and edit the functions.php file by pasting the following line of code after the first line.
add_filter( 'jetpack_sso_bypass_login_forward_wpcom', '__return_true' );
This will redirect your existing login page to the WordPress.com login page.
- Now go to Users from your site’s dashboard and click on ‘Log in with WordPress.com.’
By doing this, you will link your WordPress.com account to the username that you’ve used to log into the site. This will completely disable the login form of your WordPress site. Read our complete guide to harden WordPress security.