A brute force attack is a trial-and-error method used to discover username and password combinations in order to hack into a website. It exploits the simplest way of gaining access to a site: guessing usernames and passwords, over and over again, until a guess succeeds.
How Brute Force Attacks Work
The brute force attack process is often referred to as exhaustive search. An attacker systematically tries password after password until the correct one is found.
Software has been developed to aid an attacker in this process. Success depends on the computing power and number of combinations attempted.
Depending on your server settings, an attacker can go through 1000 different password variations in a minute.
Ways to Prevent Brute Force Attacks
As a user of a website, you depend largely on the security measures taken by the website owner. One thing you can control is the strength of the password you create.
Website User Tips:
- Make a habit of using a different password for every site you use.
- Use a combination of lower and uppercase letters, symbols and numbers.
- Change your passwords often. Change a password immediately if a company you have a registered online account with informs you that it was hacked or compromised.
- Although it is convenient, avoid “Log in with Facebook” and similar logins through other social media platforms.
Website Developer Tips:
- Limit the number of login attempts.
- Use a captcha for logins.
- Offer a two-factor authentication login option.
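One way to implement the first developer tip, as an added example that is not code from the original page: a limiter that locks a username and client IP pair after 5 failed logins within 5 minutes, run against the 1000-guesses-in-a-minute rate mentioned above. The class and function names, the thresholds, the choice of key and the sample username and address are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Locks a key (assumed here: username + client IP) after repeated failures."""

    def __init__(self, max_failures=5, window=300.0, lockout=900.0):
        self.max_failures = max_failures     # failures tolerated inside the window
        self.window = window                 # seconds over which failures are counted
        self.lockout = lockout               # seconds a key stays locked once tripped
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures
        self._locked_until = {}              # key -> time at which the lock expires

    def is_locked(self, key, now):
        return self._locked_until.get(key, 0.0) > now

    def record_failure(self, key, now):
        recent = self._failures[key]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                 # drop failures older than the window
        if len(recent) >= self.max_failures:
            self._locked_until[key] = now + self.lockout
            recent.clear()

    def record_success(self, key):
        self._failures.pop(key, None)
        self._locked_until.pop(key, None)

def attempt_login(limiter, verify, username, ip, guess, now):
    """Return 'locked', 'ok' or 'denied'; verify() is never called while locked."""
    key = (username.lower(), ip)
    if limiter.is_locked(key, now):
        return "locked"
    if verify(guess):                        # stand-in for the site's password-hash check
        limiter.record_success(key)
        return "ok"
    limiter.record_failure(key, now)
    return "denied"

def simulate(guesses=1000, seconds=60.0):
    """Constructed scenario: evenly spaced wrong guesses from one client in one minute."""
    limiter = LoginLimiter()
    never = lambda guess: False              # every guess in this run is wrong
    results = [attempt_login(limiter, never, "editor", "203.0.113.7",
                             f"guess{i}", i * seconds / guesses)
               for i in range(guesses)]
    return results.count("denied"), results.count("locked")

if __name__ == "__main__":
    print(simulate())
```

In the constructed run only 5 of the 1000 guesses reach the password check; the other 995 are rejected as locked.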
WordPress Website Owner Tips:
- Do not use ‘admin’ as your username.
- Pay attention to the strength meters provided when creating a password and make sure yours is adequate.
- Install a WordPress security plugin such as iThemes Security.
- Activate WordPress brute force protection.
Are Your Passwords Providing Good Security?
Using strong passwords for all your logins is one of the best online security practices you can develop.