What is a ‘Brute Force Attack’?

Brute Force Attack LogA Brute Force attack is the modern equivalent of trench warfare. The hacker simply smashes at the attackee’s defences mercilessly and mindlessly until they find a hole to break through.

In WordPress the default login ID is ‘Admin’ so the classic Brute Force attack tries to break into your site by trying to login as Admin then trying thousands of different passwords…

BTW the hacker isn’t sitting at the other end furiously typing, they use  ‘hacker robot’ software that automates the process relentlessly trying to login in over and over and over…  (1,278 times in the log illustrated right)  I have seen as many as 30,000+ failed login attempts.

There’s several strategies to reduce the incidence of brute force hacking including:

Most just stop the less well equipped hackers, but the really determined ones will eventually find a way to breach your site, so ensure you keep current backups in the event you have to throw it all away and start again…

What is a htaccess hack?

htaccess hacks are a relatively common form of website hack.

These hacks are difficult to detect, and typically indiscriminately redirect innocent visitors to ‘socially undesirable’ destinations rather than to your website.

The offenders somehow manage to edit the website’s htaccess file, which can create all sorts of issues your site; probably the worst being that Google detects the hack and displays a warning notice against your website in search result. Between the redirections and Google’s warning to not visit your website tends to frighten prospective clients away, so the htaccess hack its not good for business at all…

Disabling/removing a htaccess hack is a specialist job, so contact me and Ill do it or you.