OJM Insight March 11, 2016
How secure are you from brute force attacks?
It seems absurd even to acknowledge a form of beauty in some hacking attacks. The brute force attack commands no such acknowledgment, as it has always been deemed one of the least elegant of attacks. It is often associated with kiddie-scripters and the less experienced, but the ever-decreasing cost of processing power means that more experienced attackers can now put this attack vector to more effective use.
The iThemes Security plugin, from the good people over at iThemes, has the most comprehensive set of tools to help you combat security attacks that we’ve seen from a free resource (or from any paid-for plugin, for that matter). It boasts over 30 ways in which you can secure your install.
Once you have your defenses in place, there are any number of pen-testing tools to assist you in evaluating your WP install's resistance against these attacks. We are big fans of wpbf from Andres Tarantini. Andres has constructed a fantastically effective tool to help you test your install. It requires Python, and once it is up and running you can carry out a basic test with a very simple command:
$ ./wpbf.py http://www.mysite.com/
There are a multitude of optional arguments at your disposal, which will enable you to construct a very polished and thorough audit. Be careful of false positives (not that there will be many). Once you’ve made a few fine tweaks to the iThemes Security settings, you’ll find you have a far more robust install which will guard against the nasties.
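To confirm after a test run that your lockout settings actually cut the attempts off, you can count failed logins per client in the web server's access log. The script below is an added example, not part of wpbf or iThemes Security. It assumes the Combined Log Format and WordPress's default behaviour of answering a failed `wp-login.php` POST with 200 and a successful one with a 302 redirect; the threshold, window and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: ip - user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # skip lines that are not in the expected format
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?")[0], int(m["status"])

def find_bursts(lines, max_attempts=5, window=timedelta(minutes=5)):
    """Return {ip: peak} for clients with more than max_attempts failed
    logins inside the sliding window. Each client's lines must be in
    chronological order, as they are in a normal access log."""
    recent, peaks = defaultdict(deque), {}
    for rec in filter(None, map(parse, lines)):
        ip, ts, method, path, status = rec
        # Assumption: a failed login is a POST answered 200 (success is 302).
        if method != "POST" or not path.endswith("/wp-login.php") or status != 200:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) > max_attempts:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def sample_line(ip, sec, method, path, status):
    return (f'{ip} - - [11/Mar/2016:10:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE = (
    [sample_line("203.0.113.7", s, "POST", "/wp-login.php", 200) for s in range(0, 16, 2)]
    + [sample_line("203.0.113.7", 20, "POST", "/wp-login.php", 403)]  # assumed lockout reply
    + [sample_line("198.51.100.20", 5, "POST", "/wp-login.php", 200),
       sample_line("198.51.100.20", 30, "POST", "/wp-login.php", 302),
       sample_line("198.51.100.20", 31, "GET", "/wp-admin/", 200)])

if __name__ == "__main__":
    for ip, peak in find_bursts(SAMPLE).items():
        print(f"{ip}: {peak} failed logins within the window, above the threshold")
```

Set `max_attempts` and `window` to match the lockout values you configured; any client the script still reports was served more failed logins than your settings should allow.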