Brute force attacks use the simplest method of accessing a site: by trying to guess usernames and passwords, over and over, until they are successful. WordPress sites are prone to this form of attack by default because the system allows users unlimited login attempts.
Using a WordPress security plugin like iThemes Security provides brute force protection by allowing you to adjust login limits. The host user will be banned after the specified incorrect login threshold is reached.
iThemes Security uses two different methods of WordPress brute force protection: local and network.
- Local brute force protection only looks at attempts to access your site. Users will be banned according to the lockout rules specified locally on your WordPress site.
- Network brute force protection goes a step further by prohibiting users who have attempted to break into other sites from breaking into your site.