These attacks are very common and will happen to any website sooner or later. A brute force attack usually involves password guessing, and if you use passwords like the following you are in big trouble:

admin, 123456, password, 12345678, 666666, 111111, 1234567, qwerty, siteadmin, administrator, root, 123123, 123321, 1234567890, letmein123, test123, demo123, pass123, 123qwe, qwe123, 654321, loveyou, adminadmin123

The following is a screenshot of failed brute force attempts at our site:

 

[Screenshot: brute-force-attack]

Though the attempts failed, the constant attempts (tens per second) were irritating and used up bandwidth. We took the following basic steps:

  1. Change passwords to very strong passwords
  2. Change usernames to complicated combinations
  3. Set up and harden the security plugins
  4. Temporarily block visits from all other countries
  5. Set up Captcha
  6. Block an IP for 2 months on its second failed login attempt
  7. Advanced tweaking

Within a day, the “brute force” hacking stopped.

The most common targets for Brute Force Attacks are:

  • WordPress wp-admin/wp-login.php
  • Joomla /administrator
  • Drupal /admin
  • Magento /index.php/admin
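
As an added example (not code from this site or from any security plugin), the script below replays web access log lines and applies step 6 to the login paths listed above: an IP is blocked on its second failed login. It assumes combined log format, that a POST to a login path answered with 200 is a failed login (WordPress redirects with 302 on success), and that 2 months means 60 days; the function names and sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Login endpoints listed above as the most common brute force targets.
LOGIN_PATHS = ("/wp-login.php", "/administrator", "/admin", "/index.php/admin")
MAX_FAILURES = 2                  # block on the second failed attempt (step 6)
BLOCK_FOR = timedelta(days=60)    # "2 months", taken as 60 days (assumption)

# Combined log format fields used here: client IP, time, method, path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def failed_login(method, path, status):
    """Assumption: a POST to a login path answered with 200 re-rendered the
    login form, i.e. the credentials were rejected. Adjust per CMS."""
    path = path.split("?", 1)[0].rstrip("/")
    return method == "POST" and status == 200 and path.endswith(LOGIN_PATHS)

def blocks_from_log(lines):
    """Replay the log in order and return {ip: latest block expiry}."""
    failures, blocked = {}, {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                      # not an access log line we understand
        ip, ts, method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if ip in blocked and when < blocked[ip]:
            continue                      # still blocked: a firewall would drop this
        if failed_login(method, path, int(status)):
            failures[ip] = failures.get(ip, 0) + 1
            if failures[ip] >= MAX_FAILURES:
                blocked[ip] = when + BLOCK_FOR
                failures[ip] = 0          # start counting afresh after the block
    return blocked

SAMPLE_LOG = [  # constructed lines using documentation addresses (RFC 5737)
    '203.0.113.7 - - [01/Mar/2024:10:00:00 +0800] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "-"',
    '203.0.113.7 - - [01/Mar/2024:10:00:01 +0800] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "-"',
    '203.0.113.7 - - [01/Mar/2024:10:00:02 +0800] "POST /administrator/ HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.4 - - [01/Mar/2024:10:05:00 +0800] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "-"',
    '198.51.100.4 - - [01/Mar/2024:10:05:30 +0800] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
    '192.0.2.9 - - [01/Mar/2024:10:06:00 +0800] "GET /wp-login.php HTTP/1.1" 200 4211 "-" "-"',
]

if __name__ == "__main__":
    for ip, until in blocks_from_log(SAMPLE_LOG).items():
        print(f"block {ip} until {until.isoformat()}")
```

The returned expiry times can be fed to whatever actually enforces the block, such as a firewall rule or a security plugin's deny list.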

Every site owner needs to take basic security precautions such as strong passwords, captcha, anti-virus, etc.

Difficulty level: complex
Recurring Risk: Yes

Want us to do this for you? It takes about 8 to 12 hours.
Our rate is SGD $20 per hour (min. 2 hours)
Email: enquiry@dyontech.com or message +65 8263 1006