What Is a Brute Force Attack? Is Your Site Vulnerable to One?

Updated on September 9, 2022 - Andrea Zoellner

Your login page is the most vulnerable part of your website. It is the perfect target for a brute force attack — the most common form of online hacking.

What is a Brute Force Attack?

A brute force attack is the most rudimentary form of hacking: it employs bots that try different combinations of usernames and passwords until they find the right one. These are called malicious login attempts and can affect your website’s performance.

Each time a visitor lands on your website, their IP address makes an HTTP request to your website’s server. When bots are constantly visiting your login page in an attempt to crack your password, the number of HTTP requests spikes. All this website traffic will slow down your site, or worse, cause your server to run out of memory.

Secure Login Credentials

Choosing strong login credentials is the first step to better web security — on any site. Change your username from “admin” to something unique. “Admin” might be simple to remember, but it’s also easy to hack. Avoid using passwords that contain a version of your own name or a word in the dictionary. Choose a passphrase with a mix of numbers and letters or use a password manager that will generate secure passwords and save them for you.

If you have Jetpack installed on your site, you can enable Secure Sign On and use the same credentials you use for WordPress.com to sign in to self-hosted WordPress.org sites quickly and securely. You can choose to make this the only way to log in and disable the default login form completely.

Jetpack Brute Force Attack Protection

It’s not just your blog content at risk during a brute force attack. If a hacker successfully accesses your administrator account, your entire server could be compromised. That’s why every Jetpack plan includes protection from brute force attacks, including distributed attacks that use many servers against your site.

When an IP registers too many failed login attempts, Jetpack will block that IP from accessing the login form, quickly limiting HTTP requests before they slow down your site. Your site will be protected, and you can see the number of attacks that Jetpack has stopped with a widget in your self-hosted site’s dashboard.

Next Steps: Compare plans and choose the right one for your site.

This entry was posted in Security and tagged , , . Bookmark the permalink.
Andrea Zoellner profile

Andrea Zoellner

Copywriter, communicator, and unrelenting nomophobe. I'm obsessed with French expressions, English puns, and packing the perfect carry-on.

Explore the benefits of Jetpack

Learn how Jetpack can help you protect, speed up, and grow your WordPress site.

Get up to 50% off your first year.

Compare plans

Have a question?

Comments are closed for this article, but we're still here to help! Visit the support forum and we'll be happy to answer any questions.

View support forum

Comments

  1. sneezypb says:
    April 19, 2017 at 1:33 pm

    According to my dashboard, Jetpack has blocked 12,572 malicious attempts on my site.

    Like

  2. Stalyn says:
    April 19, 2017 at 4:49 pm

    Very useful, thanks for he heads up.

    Like

  3. Torogoza says:
    April 26, 2017 at 2:25 am

    Good One! Thanks for sharing!

    Like

  • Enter your email address to follow this blog and receive news and updates from Jetpack!

    Join 111,996 other subscribers

  • Browse by Topic

    • %d bloggers like this: