You may be familiar with Brute Force Attacks if you use WordPress, because this form of attack is always aimed at common open source software. What exactly is this method of attack? What harm does it do, and how do you prevent a Brute Force Attack? Let's answer those questions now.
What is a Brute Force Attack?
Imagine a hacker holding a huge list of common usernames and passwords. They use these lists to send continuous attempts to log into your wp-login.php. If an account is wrong, the script skips it and tries the next one. Their script will continue this process of trying every possible combination until they eventually gain access to your system. This method is often used to detect and gain access to the administrator account.
This is a brute force attack.
When are you susceptible to brute force attacks?
This form of attack is easy to prevent, but these attacks are also commonly successful if you do not protect your WordPress sites. Often you will be vulnerable to this type of attack when:
• You set the username as admin, administrator or similar.
• Your password is not secure, is easy to guess, or you're using a popular password.
• You have no secure login path.
• You do not change your password regularly.
How to prevent a successful Brute Force Attack?
To decrease the chances of a hacker successfully gaining access to your WordPress site by brute force attack, use the following checklist:
• Username is difficult to guess.
• Password is long, strong, uses special characters, and is not related to personal information.
• Limit the number of failed logins.
• Secure login path.
• Change passwords regularly.
So if you need to protect yourself against brute force attacks, we encourage you to use the following plugins:
• Better WP Security - Hides your login path and limits the number of incorrect login attempts.
• Login Security Solution - Makes it mandatory to use strong passwords, change passwords periodically, and also limits the number of login attempts.
• BruteProtect - Blocks bad IP queries and brute force type data.
• Limit Login Attempts - Simply limits the number of failed logins.
If you want more security, you can use KeyCaptcha to add a photo-based Captcha to your login area.
Summary
Brute Force Attacks are very popular today, especially aimed at WordPress sites, because WordPress accounts for 19% of websites worldwide, while other open source CMSs like Joomla & Drupal account for only 3 to 4%.
Make sure your website is protected against Brute Force Attacks to limit the likelihood that someone can access your administrator account!