Brute force attacks are a trial-and-error method used to discover username and password combinations in order to hack into a website. The method exploits the simplest way of gaining access to a site: guessing usernames and passwords, over and over again, until a guess succeeds.

How Brute Force Attacks Work

The brute force attack process is often referred to as exhaustive search. An attacker systematically checks one password after another, without limit, until the correct one is found.

Software has been developed to aid an attacker in this process. Success depends on the computing power and number of combinations attempted.

Depending on your server settings, an attacker can go through 1000 different password variations in a minute.

Ways to Prevent Brute Force Attacks

As a user of a website, you depend largely on the security measures taken by the website owner. One thing you can control is the strength of the password you create.

Website User Tips:

  • Make a habit of using a different password for every site you use.
  • Use a combination of lower and uppercase letters, symbols and numbers.
  • Change your passwords often. Change a password immediately if a company you have a registered online account with informs you that it was hacked or compromised.
  • Although it is convenient, avoid “Log in with Facebook” or other social media platforms.

Website Developer Tips:

  • Limit the number of login attempts.
  • Use a captcha for logins.
  • Offer a two-factor authentication login option.
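
One way to implement the "limit the number of login attempts" tip, as an added example that is not code from the original article: a sliding-window counter of failed logins kept per account and per client IP. The names LoginThrottle and simulate_guessing and the policy of 5 failures per 15 minutes are assumptions chosen for illustration.

```python
import time
from collections import deque


class LoginThrottle:
    """Sliding-window limit on failed logins, tracked per account and per client IP."""

    def __init__(self, max_failures=5, window=900, clock=time.monotonic):
        self.max_failures = max_failures  # assumed policy: 5 failures...
        self.window = window              # ...within 900 seconds (15 minutes)
        self.clock = clock                # injectable so time can be simulated
        self._failures = {}               # key -> deque of failure timestamps

    def _recent(self, key):
        """Drop failures older than the window and return how many remain."""
        q = self._failures.get(key)
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:
            q.popleft()
        return len(q) if q else 0

    def allowed(self, username, ip):
        """True only if neither the account nor the source IP is over the limit."""
        keys = (("user", username.lower()), ("ip", ip))
        return all(self._recent(k) < self.max_failures for k in keys)

    def record_failure(self, username, ip):
        now = self.clock()
        for key in (("user", username.lower()), ("ip", ip)):
            self._failures.setdefault(key, deque()).append(now)

    def record_success(self, username, ip):
        """A good login clears the account counter; the IP counter is kept."""
        self._failures.pop(("user", username.lower()), None)


def simulate_guessing(throttle, username, ip, guesses, correct, now):
    """Submit guesses one second apart; return how many were actually checked."""
    checked = 0
    for guess in guesses:
        now[0] += 1                       # 'now' is a one-item list used as a clock
        if not throttle.allowed(username, ip):
            continue                      # rejected before any password comparison
        checked += 1
        if guess == correct:
            throttle.record_success(username, ip)
            break
        throttle.record_failure(username, ip)
    return checked
```

With this policy, a client submitting 1,000 guesses one second apart has only 10 of them compared against the stored password. Per-account lockout can itself be used to lock a legitimate user out, which is one reason to combine it with the captcha and two-factor tips in the same list.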

WordPress Website Owner Tips:

Are Your Passwords Providing Good Security?

Using strong passwords for all your logins is one of the best online security practices you can develop.