Recently I have been experiencing a lot of brute force attacks against my website.
What are brute force attacks?
Brute force attacks are attacks, generally against login systems, that try every possible combination as a password. These attacks can be very effective with modern computers; some computers can compute millions of combinations in minutes or seconds.
How can I tell?
I have a plugin called Wordfence installed, which tracks login events (failed or successful). Wordfence for WordPress is a must in my opinion; it gives very helpful insight.
Am I worried about brute force attacks?
No. I am not worried about the attempted brute force attacks, for several reasons:
- I have a strong password 🙂, long in length and a mix of numbers, letters and special characters.
- A Captcha image needs to be solved in order to log in (this prevents users from using a bot to automate the process).
- Finally, I have Google Authenticator verification set up, so a one-time password is also required to log in.
With all of these things in place, I’d say any attacker would be hard pressed to brute force that. I’m not saying I can’t be hacked, but brute force would not be the way to do it.
If you are experiencing brute force attacks on your website, I would highly recommend using a unique strong password and setting up some form of two-step authentication. I believe two-step authentication is a great idea: in order for an attacker to log in as you, they would need your secret or mobile device.
On another note, anyone who tries brute forcing my website or uses any form of attack will be blocked.