A brute-force attack is an attempt by the attacker to discover a password by trying a combination of letters, numbers, and symbols until he discovers the one correct combination that works. If successful, a brute force login attack enables the attacker to hack your account, log in to your site and steal information.
If your site does not require any login protection, you are a good target for a brute-force attack.
Shield's Brute Force Login Protection feature is designed to block brute force hacking attacks against your login and registration pages.
Brute Force Login Protection options explanations
Option: Protection Location
You can use this option to choose the forms for which bot protection measures will be deployed.
Learn more about Protection Location option here.
Option: Login Cooldown Interval
This option limits login attempts to every X seconds. The value you decide on here represents the time, in seconds, that WordPress will be forced to wait before processing any other login attempt after the previous attempt. Without a cool-down option, bots connecting from anywhere can try and authenticate with your site as much and as often as they can.
Note: WordPress will process only ONE login attempt for every number of seconds specified.
Zero (0) turns this off; Default: 10
Learn more about Login Cooldown here.
Option: Bot Protection
Learn more about what is GASP Protected WordPress Login here.
If you want to enable this option, click the slider.
Option: User Registration
This option applies Brute Force Protection to user registration and lost password.
When enabled, settings in this section will also apply to new user registration and users trying to reset passwords.
Option: 3rd-Party Support
This option helps you to add support for 3rd-party login, register, and password reset forms such as Woocommerce and Easy Digital Downloads.
To learn more about Brute Force Login Protection read our blog article here.