We have managed fixed a major security concern of WordPress on our server. wp-login.php brute force attack is a very common attack made on WordPress websites. Launching a brute force attack on a site is relatively easier than any other kinds of attack. To launch a brute force attack on a site that logs into a user account, one just need to send the login form POST requests with the guessed username and password continuously to the website.
In case of WordPress, the POST request with the guessed username and password is made to
wp-login.php file again and again which causes heavy load on the hosted server.
HostBigSpace have worked with Softaculous team and managed to find a one shot solution to end the wp-login.php load issue on server.
Softaculous designed a script for us, which would install “Loginizer” plugin in all wordpress installations and activate the plugin as well. Loginizer will Limits the number of allowed login attempts for an IP Address. Therefore, when multiple requests are sent by bots, It will automatically block its IP and prevent load on server.