WordPress Vulnerabilities Part 1: Brute Force Attacks

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” What does this have to do with web development? Well, if you know what you need to protect yourself from, and how, you won’t have to worry about your website.

There are several different types of WordPress vulnerabilities to protect yourself from, which we’ve covered in a previous article. Now that we’ve provided some basic information, we’re going to go a little more in depth in this series, starting with brute force attacks.

What is a Brute Force Attack?

A brute force attack is someone throwing password guesses at your website until they guess the right one. It’s a lot like a battering ram scene in any movie involving a castle. The enemy keeps bashing the massive wooden gate until finally it splinters and cracks, allowing the enemy to pour through. It’s not great. In our case, a bot runs through possible password combinations until it finds the right one and then gains access to your site. Website passwords aren’t the only pieces of information attackers are looking for, either. Brute force attacks can also be used to guess API keys. These are common ways for someone to gain access to your website.

Why are Brute Force Attacks a Problem?

Brains always beat brawn, right? No, not quite. Brute force attacks are relatively easy to perform and, if allowed to continue, are eventually successful. Because these attacks progress slowly, it can take years to find the correct password, but given enough time it can be done. There are a finite number of password combinations out there, so eventually one will be successful. Just like that battering ram, with a little bit of persistence and patience, someone’s going to breach the gate and get inside.

How to Protect Yourself

There are a few simple ways to protect yourself and your website. Using complex passwords with numbers, special characters, and random capitalization makes it harder for someone to guess your password. Requiring two-factor authentication forces a login to involve more than one device, such as a computer and a phone, before it succeeds. Limiting the number of login attempts also helps prevent someone from accessing your site. Using captchas deters bots from guessing your password. And having a developer on hand to maintain and monitor your website is a key component to keeping it protected.
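One way to limit login attempts on a WordPress site is a small must-use plugin that counts failures with WordPress transients and refuses further attempts once a threshold is hit. This is an added example written for this article, not code from the original post; the plugin name, the `cm_` function prefix, and the thresholds (5 failures in 15 minutes) are assumptions, while the hooks (`wp_login_failed`, `authenticate`, `wp_login`) and transient functions are standard WordPress APIs.

```php
<?php
/*
Plugin Name: Login Attempt Limiter (illustrative example)
Description: Locks out an IP/username pair after repeated failed logins. Hypothetical example, not the article's own code.
*/

// Assumed thresholds: 5 failures inside a 15-minute window block further attempts for the rest of that window.
const CM_MAX_FAILURES   = 5;
const CM_WINDOW_SECONDS = 15 * MINUTE_IN_SECONDS;

function cm_client_ip() {
    // REMOTE_ADDR is only trustworthy when WordPress is not behind a proxy; behind a
    // load balancer, read the address the proxy sets and validate it first.
    return isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
}

function cm_lockout_key( $username ) {
    // Keying on IP and username together means a bot hammering one account from one
    // address is stopped, without letting it lock every user out by name alone.
    return 'cm_login_fail_' . md5( cm_client_ip() . '|' . strtolower( trim( (string) $username ) ) );
}

// Core fires this action with the attempted username on every failed login.
add_action( 'wp_login_failed', function ( $username ) {
    $key      = cm_lockout_key( $username );
    $failures = (int) get_transient( $key );
    set_transient( $key, $failures + 1, CM_WINDOW_SECONDS );
} );

// Priority 30 runs after core's own username/password check (priority 20), which is
// where core overwrites any earlier result, so this is the point at which a denial sticks.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( empty( $username ) ) {
        return $user;
    }
    if ( (int) get_transient( cm_lockout_key( $username ) ) >= CM_MAX_FAILURES ) {
        return new WP_Error(
            'cm_too_many_attempts',
            __( 'Too many failed login attempts. Please try again later.' )
        );
    }
    return $user;
}, 30, 3 );

// A successful login clears the counter for that IP/username pair.
add_action( 'wp_login', function ( $user_login ) {
    delete_transient( cm_lockout_key( $user_login ) );
}, 10, 1 );
```

Drop the file into `wp-content/mu-plugins/` to activate it. Because a denied attempt also fires `wp_login_failed`, a client that keeps guessing while locked out keeps extending its own lockout window.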

Take Action

With some effort, you can protect your site from brute force attacks. But keep in mind that every time a password is required on your site, you need to reinforce your login. Using unique passwords, and especially not repeating passwords, is the first step towards protecting your site. And if you need help, finding the right developer to secure your site will keep you from ever having to worry.

About Curious Minds
We are a web development firm in New York and Chicago, providing development resources and consulting for websites and mobile apps since 2004.