Brute force attacks are a way of guessing your password. Hackers use automated ‘robots’ to discover username and password combinations to exploit your website. Here are some useful tips that you can use to protect your website.
During a Brute Force attack, a hacker will systematically check an unlimited number of passwords until a correct combination of username and password is found and your site becomes compromised. Some servers can go through one-thousand combinations of username and password per minute – which means that these hacking robots can cover a lot of ground quickly.
What this means for anyone owning a website, or anywhere on the web, is that if you use a weak password then it will be guessed fast. Weak passwords are commonly used phrases that automated brute force bots usually try first: ‘qwerty’, ‘Password’, ‘123456’, ‘letmein’, ‘admin’.
In a recent study, nearly 10% of the population had used a weak password at some stage. If you are one of them, then it’s time to change your password fast. You can beat brute force attackers and keep your website secure by following a few important principles:
- Use strong and complex passwords, with a combination of uppercase, lowercase, numbers and symbols.
- Don’t ever reuse your password across multiple systems. Once your password has been compromised in one location, an attacker will have access to any system using the same combination of username and password.
- Never use ‘admin’ as your username.
- Use software to limit the number of login attempts. Such software can ban hackers from an IP address, or at least limit their progress by giving users a time-out for failed password attempts.
- Use ‘two factor’ authentication – this is a combination of a password and an access token. Use a tool like Google Authenticator to give you a unique code to access your website, in addition to your password.
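One way the login-attempt limiting described in the list above can work, as an added example that is not code from the original page or from any particular plugin: failures are counted per IP address and per username over a time window, and reaching the limit triggers a time-out. The class and function names, the thresholds and the in-memory storage are assumptions for illustration.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Added example: failure counter with a timed lockout. Thresholds are illustrative."""
    def __init__(self, max_failures=5, window=300, lockout=900, clock=time.monotonic):
        self.max_failures = max_failures    # failures tolerated inside the window
        self.window = window                # seconds over which failures are counted
        self.lockout = lockout              # seconds a key stays blocked
        self.clock = clock                  # injectable so the logic can be tested
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures
        self.blocked_until = {}             # key -> time at which the lockout ends

    def _keys(self, ip, username):
        # Track both: per-IP slows one host trying many accounts,
        # per-username slows many hosts hammering one account.
        return (("ip", ip), ("user", username.lower()))

    def retry_after(self, ip, username):
        """Seconds the caller must wait before another attempt (0 means allowed)."""
        now = self.clock()
        waits = [self.blocked_until.get(k, 0) - now for k in self._keys(ip, username)]
        return max(0, max(waits))

    def record_failure(self, ip, username):
        now = self.clock()
        for key in self._keys(ip, username):
            q = self.failures[key]
            q.append(now)
            while q and q[0] <= now - self.window:  # drop failures outside the window
                q.popleft()
            if len(q) >= self.max_failures:
                self.blocked_until[key] = now + self.lockout
                q.clear()

    def record_success(self, ip, username):
        # A good login clears the account's counter but not the IP's; otherwise an
        # attacker could reset their IP counter by logging in to their own account.
        self.failures.pop(("user", username.lower()), None)

def attempt_login(throttle, check_password, ip, username, password):
    """Returns 'ok', 'denied' or 'locked'. The password is never checked while locked."""
    if throttle.retry_after(ip, username) > 0:
        return "locked"
    if check_password(username, password):
        throttle.record_success(ip, username)
        return "ok"
    throttle.record_failure(ip, username)
    return "denied"
```

Because the lockout is a time-out rather than a permanent ban, someone who deliberately fails logins against another person's username can only block that user temporarily.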
Installing security software can help you as well. There are a number of packages that can be installed and configured to reduce the impact of brute force attacks on your server.
Social engineering, like this example in the video, is another very effective way of learning your password. So beware of tricks and never give away any personal information to strangers, especially when there’s a camera pointing in your face. If you feel you could easily be caught off guard, have a phrase handy like “If I told you that then my password wouldn’t be secure.”
There are simple ways to protect yourself from brute force attacks. When you purchase a WordPress Protection Plan from Asporea, we include software that will increase security as well as limit the impact of brute force attacks on your server. Packages start from $14.95 per month and also include free core, plugin, and theme updates and regular off-site backups.