Brute force is a method of guessing a password by trying combinations of letters, numbers and symbols. Some brute-force attacks use dictionaries of commonly used passwords and words to speed up the process of guessing users' passwords.
Common things you can do to protect against brute-force attacks:
- Use Google reCAPTCHA or any other good CAPTCHA that bots cannot solve.
- Limit password attempts, so that if a user enters the wrong password x times, their IP is blocked for a certain time.
- Always use a strong password, which can be 12 characters, with some numbers, capital and small letters, and some symbols.
- Never use common usernames like admin or administrator.
If you are not sure what to do, we can help you. Our WordPress maintenance service also makes sure you do not get any similar issues.
The first thing you need to do to protect yourself from such attacks is to choose an appropriate username and password. Avoid common usernames such as admin, administrator or superuser. For your password, use one that is as complicated as possible and includes numbers, special characters, and upper-case and lower-case letters.
There are free generators that create long and strong passwords for you to use. If you have trouble remembering long passwords, you can use a password vault such as 1Password.
Detected a brute-force attack?
If you detect that someone has launched a brute-force attack against your site (such attacks generate a huge number of failed login attempts in your log), you can block the attacker's IP address from accessing your site completely. To do that, simply add the following line to your .htaccess file:
deny from 123.123.123.123
Replace 123.123.123.123 with the actual IP address of the attacker.
In addition, you should restrict the admin areas of your site so that they are reachable only from your own IP address. If you use WordPress, that is your wp-admin folder.
Replace 222.222.222.222 with your IP address. To find out what your IP is, you can use one of the many sites providing that information, such as whatismyip.com.
Need expert help?
We are available to help secure you against brute-force attacks. Contact us!