How to protect WordPress login against Brute Force attack for customers on Linux Plesk VPS ?


How to protect WordPress login against Brute Force attack for customers on Linux Plesk VPS ?

Plesk is a well-known web solution for the operation of the control panel which is gradually becoming the preferred option for the organisations hosted by a web server. It provides distinctive features to the webmasters so that taking care of any websites comes out to be at ease. The configuration and application are simplified in execution which in turn fetches the host providers to carry on the virtual dedicated hosts to operate on a single machine with not many efforts involved.

With the help of Plesk, managing the simple operative tasks of managing the web content, file management, creating mailbox setups all turns up to be handy. The availability to be functional in many languages and across many countries has popularised its presence globally. The quality of bridging up the lengthy processes and turning them into a more simplified manner has attracted its usage and has increased its demands eventually. Many versions of the operating system run with ease using the platform of Plesk.

brute-force-attackWordPress sites when being opened on the Linux platform also have the concerns in regards to the authentication and threat to their verification processes. There are ways to include certain methodologies to incorporate safe logins to such sites providing a better off security to the system on which it is implemented. It creates an extra barricade to the login page. Below are few points which highlight the usage of creating that extra protection to ensure safety and security with Plesk:

1. The foremost step to be followed for its execution is the creation of the user. A setup pattern is followed to create and enable the user to have an access to utilize the details and log on the page.

Every domain maintains a directory; the details with which the user creates its login are stored in the directory as to enable the process of creating the secured passwords in the directory itself. Virtual servers are created which dedicatedly serve the process of login by the user with the use of protocols which are cryptographic in nature. After through with the process of login, mention the following in the command line:

if the information has to be written again and again or if the file does not prevail in the system then only the command’-C is taken into consideration.

If number of users to be increased belonging to the same file, then it can be done using the same command, only difference this time will be without the usage of ’-c’

After the following command is accepted by the system once the enter button is pressed, the password will be demanded to be entered. The requirement of the additional process of the layer is only to ensure that the system and login details are dogged back with foolproof security system and thus one should always opt to choose strong passwords to disable the loss of information as a resultant of cybercrimes.

linux-server1After all, the information required with respect to the login details and pressing the enter button, what displays on the screen sequentially are as follows:

New password:
Re-type new password:
Adding password for user wp user

2. The next we land up into reorganising .htaccess file for the WordPress domain so as to finalise which user will finally be allowed to gain the opportunity to log in to the web page.

The below-mentioned command will be able to create a file even if there is no existence of the file in the directory.

There are various options available with the text editors and any of them can be used accordingly.

The path which is taken into account to create the WordPress file should be taken properly and correctly. Once this .htaccess file is opened, the contents which exist in this file should be replaced according to the ones required as mentioned below:

The complete process which is mentioned above with the commands used is followed to ensure that the logins which are done by the users in the .htpasswd file are allowed to get the access. Whenever there is a requirement to access the WordPress admin, these detailed are needed to be called back so one needs to save them thoroughly.

Share this post