For The Best User Experience Access The Website Via Chrome


Date Driven.
Creatively Powered.

How To Protect Your Website From Brute Force Attacks


Yesterday traffic was rolling in. Yesterday you were killing it on social media. Yesterday you told everyone and their mother to come back to your website tomorrow because you were giving a free guide that you’ve been working on for months. “Yesterday…all your troubles seemed to far away.” Today you got word that your website is down. And now just down – down, I mean effing DOWN. You can’t login to the backend and the URL is unresponsive. You are getting an “Error Establishing a Database Connection” warning, whatever the hell that means right? Today we’re going to talk about some steps you can take to protect your website from brute force attacks.

What is A Brute Force Attack?

Every day your website gets visitors. Unfortunately, some of these visitors are not real. Some of them are bots, hackers, spammers, idiots messing up your life. They are looking for weaknesses within your website. Once they find it they can hold your content hostage, cause your website to crash, cost you thousands of dollars in lost revenue.

What To Do If Your Website Is Attacked And Down?

First, contact your hosting provider. See what they recommend. Ask them if there is a temporary way to reboot your site. Ask them this. These guys have a ton of info they can provide, but the catch they generally don’t share it unless you ask for it.

Related Article:   Everything You Need To Know About Web 2.0

Our site uses DigitalOcean to host and to show you how easy it is to reboot our website, within their dashboard, is a simple power on / power off button. This resets our site and gets us back online when we are attacked.

DigitalOcean Power Off

Keep in mind the risks and warnings here about losing your data. With that said, losing data vs losing business. You need to make a choice in a pinch this could get you back online.

How To Protect Your Website From Brute Force Attacks

Ideally, you are able to reboot. From there I’m going to share a couple WordPress plugins you can use to protect your website from brute attacks.

1. The First Line of Defense Against Brute Force Attacks: Jetpack


To install Jetpack login into your WordPress site, go to your dashboard and located “Plugins.”

Add Plugin Jetback

You’ll type in Jetpack and download it. This is FREE to download. From here you’ll get a notification about setting up Jetpack. It’s pretty straight forward.

You create an account:

Jetpack Account

After this is setup it’s time to turn on security settings. We recommend turning on the two fields in red. The first will deflect brute attacks. The second will send you an alert IF your website is ever down.

Related Article:   How To Run An SEO Audit On Your Website

Jetpack Settings

You’ve successfully have the first line of defense up.

2. The Second Line of Defense Against Brute Force Attacks: Wordfence

Wordfence Banner

Wordfence is another FREE WordPress plugin. To setup follow the steps above to add a New Plugin, locate Wordfence and download. From here you get to play with security features.

We recommend starting with Live Traffic. To get here, go to your dashboard, Wordfence then selects “live Traffic.”

Wordfence Live Traffic

From here it’s all about common sense. I’m going to assume your website is based in America. I’m also going to assume you don’t have customers outside of the America. Stop outside traffic if that is the case.

I’ve highlighted a couple fields to take note of. We don’t do marketing for China so it makes sense to block this IP address. We can do that easily by selecting block.

Or if you want to mass block locations select “Top Consumers” to show where most hits are coming from.


This morning we’ve had 28 hits from Ukraine. We don’t market to Ukraine. So all we have to do is select block and that will prevent them from getting access to our site.

Related Article:   The Ultimate Google Ranking Factor List

Wordfence Top Consumers

3. The Third  Line of Defense Against Brute Force Attacks: Wordfence Options

To get here go to your dashboard, it will be the final tab.

Wordfence Options

What I love about this feature are the endless options.

We recommend checking off the following:

Login Security 1

Login Security Options is AWESOME. You just have to scroll down a little to see these options. From here you can update these settings to anything you want. We have a practice of tweaking lockout times periodically.

4.  The Fourth  Line of Defense Against Brute Force Attacks:BackWUp  

You want to have a complete backup of your website. You want to have these backups regularly. If you are ever under attack and need to revert back to old data you have it.

We have a detailed guide on how to set this up here:

-Treehouse 51

PS. We live in a world where attacks happen 24/7. You can’t hide from these. But you can take measures to protect yourself as much as possible. Do so. Put up security measures to protect your website from brute attacks. For more info on how to protect yourself poke around our website and we’ll see what we can do.