Knowledge Base
Understanding Brute Force Attacks
Protecting Against Password Guessing
Brute force attacks try to guess your password by attempting many combinations.
What is a Brute Force Attack?
Automated scripts try thousands of password combinations against your login page.
How They Work
- Target common usernames (admin, administrator)
- Try common passwords first
- Use dictionary words
- Try combinations at high speed
Signs of Brute Force Attack
- Many failed login attempts in logs
- Slow website performance
- Account lockouts
- Security plugin alerts
Protection Measures
- Limit login attempts: Block IPs after failed tries
- Use strong passwords: Can't be easily guessed
- Change default username: Don't use "admin"
- Enable 2FA: Password alone isn't enough
- Use CAPTCHA: Block automated attempts
WordPress Protection
Security plugins like Wordfence or iThemes Security can:
- Limit login attempts
- Block suspicious IPs
- Alert you to attacks
DirectAdmin Protection
DirectAdmin has built-in brute force protection that blocks IPs after multiple failed attempts.