May 31, 2021 at 8:27 am #523
No, WordPress on its own is vulnerable to brute force login attempts.
Some good examples of actions performed to protect a WordPress installation against brute force are:
- Do not use the “admin” username, and use strong passwords.
- Password protects “wp-login.php”.
- Set up some server-side protections (IP-based restrictions, firewall, Apache/Nginx modules, etc.)
- Install a plugin to add a captcha, or limit login attempts.