5 Ways to Repel a Brute Force Attack

Brute Force attacks are a way of guessing your password. Hackers use automated ‘robots’ to discover username and password combinations to exploit your website. Here are some useful tips that you can use to protect your website.

During a Brute Force attack, a hacker will systematically check an unlimited number of passwords until a correct combination of username and password is found and your site becomes compromised. Some servers can go through one thousand combinations of username and password per minute – which means that these hacking robots can cover a lot of ground quickly.

What this means for anyone owning a website, or anywhere on the web, is that if you use a weak password then it will be guessed fast. Weak passwords are commonly used phrases that are usually tried first by automated brute force bots: ‘qwerty’, ‘Password’, ‘123456’, ‘letmein’, ‘admin’.

In a recent study, nearly 10% of the population have used a weak password at some stage. If you are one of them, then it’s time to change your password fast. You can beat brute force attackers and keep your website secure by following a few important principles:

  1. Use strong and complex passwords, with a combination of uppercase, lowercase, numbers and symbols.
  2. Don’t ever reuse your password across multiple systems. Once your password has been compromised in one location, an attacker will have access to any system using the same combination of username and password.
  3. Never use ‘admin’ as your username.
  4. Use software to limit the number of login attempts. Such software can ban attempts from an IP address, or at least limit their progress by giving users a time-out for failed password attempts.
  5. Use ‘two factor’ authentication – this is a combination of a password and an access token. Use a tool like Google Authenticator to give you a unique code to access your website, in addition to your password.
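
To show what the login limiting in tip 4 does under the hood, here is an added example (not code from any particular plugin or from the software mentioned on this page): a small per-IP limiter in Python that imposes a time-out after repeated failed logins and doubles it for repeat offenders. The class name, thresholds and sample IP address are assumptions made up for the illustration.

```python
import time


class LoginThrottle:
    """Per-IP limiter: a time-out after repeated failures, doubled each time."""

    def __init__(self, max_failures=5, window=300, base_timeout=60,
                 max_timeout=3600, clock=time.monotonic):
        self.max_failures = max_failures  # failures allowed inside the window
        self.window = window              # seconds over which failures are counted
        self.base_timeout = base_timeout  # length of the first time-out, in seconds
        self.max_timeout = max_timeout    # upper limit for the doubled time-out
        self.clock = clock                # injectable so the logic can be tested
        self._failures = {}               # ip -> timestamps of recent failures
        self._strikes = {}                # ip -> number of time-outs already imposed
        self._blocked_until = {}          # ip -> moment the current time-out ends

    def retry_after(self, ip):
        """Seconds this IP must still wait; 0 means a login attempt is allowed."""
        return max(0, self._blocked_until.get(ip, 0) - self.clock())

    def record_failure(self, ip):
        """Register a failed login and return the time-out imposed (0 if none)."""
        now = self.clock()
        # Forget failures that have aged out of the counting window.
        recent = [t for t in self._failures.get(ip, []) if now - t < self.window]
        recent.append(now)
        if len(recent) < self.max_failures:
            self._failures[ip] = recent
            return 0
        # Threshold reached: each further time-out for this IP is twice as long.
        strikes = self._strikes.get(ip, 0)
        timeout = min(self.base_timeout * 2 ** strikes, self.max_timeout)
        self._strikes[ip] = strikes + 1
        self._blocked_until[ip] = now + timeout
        self._failures[ip] = []
        return timeout


if __name__ == "__main__":
    throttle = LoginThrottle(max_failures=3)
    ip = "203.0.113.7"  # constructed sample address (documentation range)
    for attempt in range(1, 4):
        print(attempt, "time-out imposed:", throttle.record_failure(ip))
    print("seconds until next attempt is allowed:", round(throttle.retry_after(ip)))
```

The login handler would call `retry_after()` before checking a password and refuse the attempt while it returns more than zero, then call `record_failure()` whenever the password is wrong.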

Installing security software can help you as well. There are a number of packages that can be installed and configured to reduce the impact of brute force attacks on your server.


Social engineering, like this example in the video, is another very effective way of learning your password. So beware of tricks and never give away any personal information to strangers, especially when there’s a camera pointing in your face. If you feel you could easily be caught off-guard, have a phrase handy like “If I told you that then my password wouldn’t be secure.”

There are simple ways to protect yourself from brute force attacks. When you purchase a WordPress Protection Plan from Asporea, we include software that will increase security as well as limit the impact of brute force attacks on your server. Packages start from $14.95 per month and also include free core, plugin, and theme updates and regular off-site backups.
