A Must Have Security Plugin For Your WordPress Site
A few days ago, I was on the receiving end of a rather relentless brute force attack on my blog, The Small Business Playbook. It started slowly in the afternoon, and by the evening I was getting nervous as it turned into a full-on assault on my website.
What is a Brute Force Attack
While there are dozens of ways someone can hack into your website, a brute force attack is one of the most common hacking methods. It's a strategy in which a hacker tries to access your website by guessing your password. Automated programs systematically submit thousands of guesses against your login panel in quick succession, hoping that one of them matches your password. This is a primitive method of hacking, but if you have a weak password and are not taking precautions, it works pretty well.
Let the hacking begin
While I normally get 1 or 2 of these hacking attempts a week, a few days ago I was under assault. It started at about 3pm, when I began receiving notifications that I was getting multiple failed login attempts. At 5pm I was getting about 50 login attempts an hour; by 8pm I was getting about 50 attempts every 5 minutes. I was getting a little nervous about what was happening, as I had never had such a concentration of hacking on my website before. By the end of the night, when the brute force attack stopped, I had locked over 200 IP addresses that tried to access my website.
Limit Login Attempts Plugin
While I use several plugins and methods to help secure my WordPress website, Limit Login Attempts works specifically against brute force attacks and did a great job in this instance.
This plugin lets you lock out a user's IP address for a specific amount of time if their login attempts fail after a certain number of tries. You set the lockout duration as well as the number of failed attempts that trigger the lockout.
It's a free plugin and is really easy to configure. It will send you an email notification when an IP address is locked out and will keep a log of all previous IP lockouts in case you want to permanently blacklist them from your website.
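The lockout rule described above, as an added Python sketch that is not the plugin's own code: the class and function names, the threshold, window and lockout values, and the sample events are all constructed for illustration. It counts failed logins per IP, locks the address for a set time once the threshold is hit, and keeps a log of lockouts for later review.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Per-IP lockout after repeated failures (hypothetical names, not the plugin's)."""
    def __init__(self, max_retries=3, window=3600, lockout=1200):
        self.max_retries = max_retries      # failed attempts that trigger a lockout
        self.window = window                # seconds over which failures are counted
        self.lockout = lockout              # seconds the IP stays locked out
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.locked_until = {}              # ip -> time the lockout expires
        self.lockout_log = []               # (ip, locked_at) history for review

    def is_locked(self, ip, now):
        return self.locked_until.get(ip, 0) > now

    def record_failure(self, ip, now):
        """Count a failed login; return True if it triggers a lockout."""
        recent = self.failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                # forget failures older than the window
        if len(recent) < self.max_retries:
            return False
        self.locked_until[ip] = now + self.lockout
        self.lockout_log.append((ip, now))
        recent.clear()
        return True

    def record_success(self, ip):
        self.failures.pop(ip, None)         # a valid login resets the counter

def replay(events, limiter):
    """Run (time, ip, ok) events through the limiter; return how many were rejected."""
    rejected = 0
    for now, ip, ok in events:
        if limiter.is_locked(ip, now):
            rejected += 1                   # locked-out IPs never reach the password check
        elif ok:
            limiter.record_success(ip)
        else:
            limiter.record_failure(ip, now)
    return rejected

# Constructed sample events: (seconds, source IP, login succeeded?)
EVENTS = [(t, "203.0.113.7", False) for t in (0, 5, 10, 15, 20)] + [
    (30, "198.51.100.4", False), (40, "198.51.100.4", True), (1300, "203.0.113.7", False)]

if __name__ == "__main__":
    limiter = LoginLimiter()
    print("rejected:", replay(EVENTS, limiter), "lockouts:", limiter.lockout_log)
```

Because the counter is kept per IP address, an attack spread across many addresses produces one lockout per address, which matches the 200-plus locked IPs described earlier.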
Additional tips
Besides using the Limit Login Attempts plugin, if you use WordPress, there is a very important thing you need to do.
When you first create your WordPress site, the default user profile is “admin”. The very first thing you should do is create a new user profile, give that user profile super admin privileges, and then delete the “admin” user profile from your account. The “admin” user profile is usually the one that's targeted since it's universal among WordPress websites and so many people fail to remove it.
One of the best strategies to use against hackers is to make their job harder. If they have to do even a little bit of work, especially for a smaller website, it's easier for them to just move on to another website that makes it easy for them.
Secure your website
There are lots of different ways your website can get hacked; a brute force attack is only one of many methods used by hackers. Take the time to secure your website now. It's relatively easy to do and will save you major headaches down the road.
Have ideas on how to secure a WordPress website? Leave them in the comments below!
Gary