5 Ways to Repel a Brute Force Attack

Brute Force attacks are a way of guessing your password. Hackers use automated ‘robots’ to discover username and password combinations to exploit your website. Here are some useful tips that we can all use to protect your website.
Brute Force attacks are a way of guessing your password. Hackers use automated ‘robots’ to discover username and password combinations to exploit your website. Here are some useful tips that we can all use to protect your website.

Brute Force attacks are a way of guessing your password. Hackers use automated ‘robots’ to discover username and password combinations to exploit your website. Here are some useful tips that we can all use to protect your website.

During a Brute Force attack, a hacker will systematically check an unlimited number of passwords until a correct combination of username and password is found and your site becomes compromised. Some servers can go through one-thousand combinations of username and password per minute – which means that these hacking robots can cover a lot of ground quickly.

What this means for anyone owning a website, or anywhere on the web, is that if you use a weak password then it will be guessed fast. Weak passwords are commonly used phrases, that are usually tried first by automated brute force bots: ‘qwerty’, ‘Password’, ‘123456’, ‘letmein’, ‘admin’.

In recent study, nearly 10% of the population have used a weak password at some stage. If you are one of them, then it’s time to change your password fast. You can beat brute force attackers, and keep your website secure by following a few important principles:

  1. Use strong and complex passwords, with a combination of uppercase, lowercase, numbers and symbols.
  2. Don’t ever reuse your password across multiple systems. Once your password has been compromised in one location, an attacker will have access to any system using the same combination of username and password.
  3. Never use ‘admin’ as your username.
  4. Use software to limit the number of login attempts. Such software can ban hacks from an IP address, or at least limit their progress by giving users a time-out for failed password attempts.
  5. Use ‘two factor’ authentication – this is a combination of password an access token. Using a tool like Google Authenticator to give you a unique code to access your website, in addition to your password.

Installing security software can help you as well. There are a number of packages that can be installed and configured to reduce the impact of brute force attacks on your server.

 

Social engineering, like this example in the video, is another very effective way of learning your password. So beware of tricks and never give away any personal information to strangers, especially when there’s a camera pointing in your face. If you feel you could be caught easily off-guard, have a phrase handy like “If I told you that then my password wouldn’t be secure.”

There are simple ways to protect yourself from brute force attacks. When you purchase a WordPress Protection Plan from Asporea, we include software that will increase security as well as limit the impact of brute force attacks on your server. Packages start from $14.95 per month and also include free core, plugin, and theme updates and regular off-site backups.

Share this post

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email

Leave a Comment

* Checkbox GDPR is required

*

I agree

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Why A Shared Server is not Good Enough for WooCommerce

A Virtual Private Server will give you an astronishing breakthrough in WooCommerce speed. Find out how smart clients are geting favourable results right now with Asporea VPS.

GDPR and Doing File Sharing Responsibly

In a world now obliged by European GDPR laws, have you considered privacy when it comes to the use of file sharing apps like Dropbox or WeTransfer?

Emerging Web Design Trends in 2019

In 2019 we are seeing the emerging trends for web design and the impact they’ll have on how your old website is perceived.

7 Things We Want to Know Before We Build Your Website

Yes, your developer should have a portfolio of work, but if they fail to take an interest in you it won’t end well. Why? Because they’ll be building your website from their point of view, not yours.

WAIT! BEFORE YOU GO

WANT TO SUBSCRIBE?