What is a ‘Brute Force Attack’?
A Brute Force attack is the modern equivalent of trench warfare. The hacker simply smashes at the target’s defences mercilessly and mindlessly until they find a hole to break through.
In WordPress the default login ID is ‘Admin’, so the classic Brute Force attack tries to break into your site by attempting to log in as Admin with thousands of different passwords…
BTW the hacker isn’t sitting at the other end furiously typing; they use ‘hacker robot’ software that automates the process, relentlessly trying to log in over and over and over… (1,278 times in the log illustrated at right). I have seen as many as 30,000+ failed login attempts.
There are several strategies to reduce the incidence of brute force hacking, including:
- Remove the default ADMIN login ID
- Limit the number of failed logins from an IP
  - Check out the Limit Login Attempts plugin or BulletProof Security’s optional brute force code
- Use active firewalls like ConfigServer on your web server
Most of these just stop the less well-equipped hackers, but the really determined ones will eventually find a way to breach your site, so ensure you keep current backups in case you have to throw it all away and start again…
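The “limit failed logins from an IP” strategy above boils down to counting failed wp-login.php attempts per source address and acting once a threshold is crossed. The following added example (not code from the original post or from any of the plugins named) shows that count run over constructed web-server access-log lines; it relies on the fact that WordPress answers a failed login with an HTTP 200 (the form is re-rendered) and a successful one with a 302 redirect, and the threshold and window values are assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in combined-log format (not from a real server).
# Failed WordPress logins come back as 200; a successful login redirects (302).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:02:14:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:02:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:02:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:02:14:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:02:20:10 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:02:20:25 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Mar/2024:02:21:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def parse_failed_logins(log_text):
    """Yield (ip, timestamp) for every request that looks like a failed wp-login.php POST."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        if m["method"] == "POST" and m["path"].split("?")[0] == "/wp-login.php" and m["status"] == "200":
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def flag_brute_force(log_text, max_failures=3, window=timedelta(minutes=10)):
    """Return {ip: peak_failures} for IPs with more than max_failures inside a sliding window.

    This is the same count a lockout plugin keeps; threshold and window are assumed values.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    flagged = {}
    for ip, ts in parse_failed_logins(log_text):
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) > max_failures:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

if __name__ == "__main__":
    for ip, n in flag_brute_force(SAMPLE_LOG).items():
        print(f"{ip}: {n} failed logins inside the window -> candidate for lockout or firewall block")
```

The flagged addresses are what you would hand to a lockout plugin or a firewall such as ConfigServer; the single failure followed by a 302 from 198.51.100.20 is a legitimate user mistyping once and is not flagged.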