Brute Force Attack

    What is a Brute Force Attack? How to Block It?

    Hello Crystal,

    Brute-force is a process of guessing your password by using combinations of letters, numbers, and symbols. Some of the brute-force attacks use dictionaries of commonly used passwords to speed up the process of guessing passwords.

    Protect yourself from such attacks by choosing an appropriate username and password. Do not use common names for your username. Try to keep them as complicated as possible and include numbers, special characters, upper-case and lower-case letters. You also get free password generators that create long and strong passwords for you to use. Use password vaults / password managers if you have issues remembering long passwords.

    In case you detect a brute-force attack against your site (you will see a huge number of failed login attempts in your log), you can block the attacker's IP address from accessing your site completely. To do that, simply add the following line to your .htaccess file:
    deny from
    Replace with the actual IP address of the hacker. Also, you should restrict the admin areas of your site to your address only. For WordPress, use your 'wp-admin' folder. For Joomla, you'll need to protect the 'administrator' directory. It is recommended to restrict the admin areas even if there is no attack against your site. The actual .htaccess rules you need to place in those folders are:
    deny from all
    allow from
    Replace with your IP address. To find out what your IP is, you can use one of the many sites providing that information.
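Added example, not part of the reply above or any hosting vendor's code: a small Python script that counts failed WordPress login POSTs per IP in constructed Apache log lines, flags the addresses that exceed a threshold, and renders the two .htaccess rule sets the reply describes. It assumes the Apache "combined" log format and WordPress's behaviour of answering a wrong password with a 200 re-render of wp-login.php and a correct one with a 302 to wp-admin.

```python
import re
from collections import Counter

# Apache "combined" access-log line; only the fields this check needs are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

# Constructed sample log lines (not real traffic): 203.0.113.7 hammers the login form,
# 198.51.100.20 fails once, logs in (302 to wp-admin) and then browses normally.
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [10/Oct/2023:13:55:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "curl/8.0"'
     for s in range(12)]
    + ['198.51.100.20 - - [10/Oct/2023:13:56:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"',
       '198.51.100.20 - - [10/Oct/2023:13:56:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
       '198.51.100.20 - - [10/Oct/2023:13:56:06 +0000] "GET /wp-admin/ HTTP/1.1" 200 12000 "-" "Mozilla/5.0"'])

def failed_logins_per_ip(log_text):
    """Count per-IP POSTs to wp-login.php answered with 200.

    WordPress re-renders the login form with 200 on a wrong password and answers
    a correct one with a 302 to wp-admin, so a 200 here is a failed attempt.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing on them
        path = m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path == "/wp-login.php" and m["status"] == "200":
            counts[m["ip"]] += 1
    return counts

def suspected_attackers(log_text, threshold=10):
    """IPs whose failed-login count reaches the threshold, sorted for stable output."""
    return sorted(ip for ip, n in failed_logins_per_ip(log_text).items() if n >= threshold)

def htaccess_deny_rules(ips):
    """'deny from' lines for the site-root .htaccess (Apache 2.2 / mod_access_compat syntax)."""
    return "\n".join(f"deny from {ip}" for ip in ips)

def htaccess_admin_lockdown(allowed_ips):
    """Rules for the wp-admin/ or administrator/ .htaccess: deny everyone but the listed addresses.

    'order deny,allow' makes the later allow lines override 'deny from all'; on Apache 2.4
    the equivalent is simply one 'Require ip <addr>' line per allowed address.
    """
    return "\n".join(["order deny,allow", "deny from all"] + [f"allow from {ip}" for ip in allowed_ips])
```

Tune the threshold to your site's normal rate of mistyped passwords; one address failing a dozen times within a minute is a very different signal from a dozen failures spread over a day.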



      A hacker launches a brute-force attack by trying to guess the user ID and password to enter your system. If successful, he can get access to the confidential information or administration tools used by the System Administrator and can modify, delete, or add web application content, and can also do other malicious things that can harm your business/data.

      A few of the ways to prevent this attack are:

      Make sure the passwords are a little more complex.
      Return a consistent error message for failed logins. Don't give hints to hackers with verbose error messages!
      One common way developers do this is to implement a security control called a captcha.


        In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing a combination correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found.