Protect Your Website From This Common Form of Hacking

In the world of website security, your login page can be the most vulnerable part of your website. If you log in with a common username and a weak password, you could be the perfect target for a brute force attack.

What is a Brute Force Attack?

A brute force attack is the most rudimentary form of hacking: it employs bots that try different combinations of usernames and passwords until they find the right one. These are called malicious login attempts and can affect your website’s performance.

Each time a visitor lands on your website, their IP address makes an HTTP request to your website’s server. When bots are constantly visiting your login page in an attempt to crack your password, the number of HTTP requests spikes. All this website traffic will slow down your site, or worse, cause your server to run out of memory.

Secure Login Credentials

Choosing strong login credentials is the first step to better web security — on any site. Change your username from “admin” to something unique. “Admin” might be simple to remember, but it’s also easy to hack. Avoid using passwords that contain a version of your own name or a word in the dictionary. Choose a passphrase with a mix of numbers and letters or use a password manager that will generate secure passwords and save them for you.

If you have Jetpack installed on your site, you can enable Secure Sign On and use the same credentials you use for WordPress.com to sign in to self-hosted WordPress.org sites quickly and securely. You can choose to make this the only way to log in and disable the default login form completely.

Jetpack Brute Force Attack Protection

It’s not just your blog content at risk during a brute force attack. If a hacker successfully accesses your administrator account, your entire server could be compromised. That’s why every Jetpack Protect plan includes protection from brute force attacks, including distributed attacks that use many servers against your site.

When an IP registers too many failed login attempts, Jetpack will block that IP from accessing the login form, quickly limiting HTTP requests before they slow down your site. Your site will be protected, and you can see the number of attacks that Jetpack has stopped with a widget in your self-hosted site’s dashboard.

Next Steps: Compare plans and choose the right one for your site.

This entry was posted in Security Series and tagged , , . Bookmark the permalink.

Comments

  1. sneezypb says:

    According to my dashboard, Jetpack has blocked 12,572 malicious attempts on my site.

  2. Stalyn says:

    Very useful, thanks for he heads up.

  3. Torogoza says:

    Good One! Thanks for sharing!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Relied on by millions of WordPress professionals worldwide.

Install Free   See Pricing

Created by Automattic: bringing the power of WordPress.com to every WordPress site.

%d bloggers like this: