These are very common attacks and will happen to any website sooner or later. A brute force attack usually involves password guessing, and if you use passwords like the following you are in big trouble:
admin, 123456, password, 12345678, 666666, 111111, 1234567, qwerty, siteadmin, administrator, root, 123123, 123321, 1234567890, letmein123, test123, demo123, pass123, 123qwe, qwe123, 654321, loveyou, adminadmin123
The following is a screenshot of failed brute force attempts at our site:
[Screenshot: brute-force-attack]
Though the attempts failed, the constant attempts (10s per second) are irritating and use up bandwidth. We took the following basic steps:
- Change passwords to very strong passwords
- Change usernames to complicated combinations
- Set up and harden the security plugins
- Temporarily block visits from all other countries
- Set up Captcha
- Block an IP on its second failed login attempt for 2 months
- Advanced tweaking
Within a day, the “brute force” hacking stopped.
The most common targets for Brute Force Attacks are:
- WordPress wp-admin/wp-login.php
- Joomla /administrator
- Drupal /admin
- Magento /index.php/admin
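The lockout rule from the steps above (block an IP on its second failed login for 2 months), applied to the login paths just listed, can be checked against a web server access log. The sketch below is an added example, not code from this site or its plugins. It assumes combined-format log lines, treats a POST to a login path answered with HTTP 200 as a failed login and a 302 as a success (WordPress behaviour; other CMSs may differ), and approximates "2 months" as 60 days. The sample log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Login endpoints listed above as common brute force targets (coarse prefix match).
LOGIN_PATHS = ("/wp-login.php", "/administrator", "/admin", "/index.php/admin")
MAX_FAILURES = 2                  # block on the second failed attempt
BLOCK_FOR = timedelta(days=60)    # assumption: "2 months" taken as 60 days

LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Mar/2024:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4512
203.0.113.7 - - [01/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4512
203.0.113.7 - - [01/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4512
198.51.100.4 - - [01/Mar/2024:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4512
198.51.100.4 - - [01/Mar/2024:10:05:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.9 - - [01/Mar/2024:10:06:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4100
192.0.2.9 - - [01/Mar/2024:10:07:00 +0000] "POST /administrator/index.php HTTP/1.1" 200 3000
"""

def find_blocks(log_text):
    """Return {ip: block_expiry} for IPs that reached MAX_FAILURES failed logins."""
    failures, blocked = {}, {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue              # skip lines that are not in the expected format
        ip, status = m["ip"], int(m["status"])
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if ip in blocked and when < blocked[ip]:
            continue              # still blocked; a firewall would drop this request
        is_login_post = (m["method"] == "POST"
                         and m["path"].split("?")[0].startswith(LOGIN_PATHS))
        if is_login_post and status == 200:      # assumed failed login
            failures[ip] = failures.get(ip, 0) + 1
            if failures[ip] >= MAX_FAILURES:
                blocked[ip] = when + BLOCK_FOR
                failures[ip] = 0
        elif is_login_post and status == 302:    # assumed successful login
            failures[ip] = 0                     # success resets the counter
    return blocked

if __name__ == "__main__":
    for ip, until in find_blocks(SAMPLE_LOG).items():
        print(f"block {ip} until {until.isoformat()}")
```

The returned expiry times can be fed to whatever does the actual blocking (firewall rule, security plugin deny list); a legitimate user who mistypes once and then logs in correctly is not blocked.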
Basic security precautions need to be taken by every site owner, such as strong passwords, captcha, anti-virus, etc.
Difficulty level: complex
Recurring Risk: Yes
Want us to do this for you? It takes about 8 to 12 hours.
Our rate is SGD $20 per hour (min. 2 hours)
Email: enquiry@dyontech.com or message +65 8263 1006