0
5
brute force attack
By Novatise
In Cloud server, Web Development
September 28, 2016

This article aims to help you against a very common security breach in your website: brute force attacks. These attacks are done by guessing your username and password many times and finally getting them right. It is obvious that these kinds of brute attacks cannot possibly be done by individuals but are performed by bots. These bots can try out various combinations in a matter of minutes. Therefore, they have the capability of trying many possible combinations even within hours. The following four things are necessary for a brute attack to be successful:

1) Knowledge of your username
2) Knowledge of your password
3) Availability of your login page
4) Possibility of trying hundreds of different username and password combinations

Taking care of at least one of the four above-mentioned things can make your website way more secure. However, taking care of all four can definitely make your website very safe and resistant against a brute force attack.

online attack

Following are some of the tips to protect WordPress websites against brute force attacks:

A login page that is Secure
Brute force attacks can be compared to infinite monkey theorem. According to this theorem, if a monkey hits the keyboard enough times randomly, the complete works of Shakespeare can be produced. Brute attacks work on this same principle. However, bots are way more sophisticated than monkeys and it is way easier to guess to words than an entire work of Shakespeare. So, enough trying can definitely lead to hacking. Obviously, some usernames and passwords would be more likely to be hacked sooner than others. The complex ones are more difficult so the following two tips can help greatly:

  • Admin as a username is a complete number: The long combination of special symbols, lower & uppercase, and numbers can be used to make a strong password.
  • Try moving your login page: Having a direct login page like www.sample.com/wp-admin is a login page that can be easily guessed by bots. Obviously, brute attacks need your login page so you can start by making a wp-login page to a more secure URL using free URL Plugin.
  • Set limits to login Attempts: If you only allow two or three attempts for trying both your username and password, it will be very difficult for bots to crack it. There are at least 2.8 trillion combinations just with all the letters and numbers. If you use upper or lowercase characters, that would add more to the total options leaving only a minuscule possibility of brute attacks with login restrictions. You can download free plugins for logging lock down on your website and limit the number of attempts

Some final words
Brute force attacks can be a grave threat to people who use WordPress. But following the above-mentioned simple steps can help you fight against most of these brute force attacks. All tips mentioned in the article are free to implement and it won’t take you more than just a few minutes. Feel free to share other tips for protecting websites against brute force attacks in the comments.

Share the post "HOW TO PROTECT FROM BRUTE FORCE ATTACK"

Novatise
Novatise
We help SMEs in Singapore to create digital solutions to increase sales and productivity. At Novatise, we work in a lean environment as such no sales person is involve. We deal with the customers directly to achieve growth and success.
cost of web development in singapore
January 20, 2018
A Guide to the Cost of Web Design and Development in Singapore 2018
comparison of squarespace wordpress
December 7, 2017
Squarespace or WordPress: What’s the best pick?
types of web development
November 26, 2017
Types of Web Development – Singapore Companies should be aware of

Comments are closed.

CONTACT US
Thank You. We will contact you as soon as possible.