As I related in my WordPress security tips post a while back, a couple of years ago one of my sites, which I hadn’t touched in a while, was hacked. Unfortunately I hadn’t been backing it up, and while there wasn’t a lot of content on that site, I lost everything. I’ve since gotten a lot more careful about doing what I can to protect my sites and make regular backing up a priority. Let’s talk about brute force password attack safety tips.
Brute Force Password Attack Safety Tips
The site I alluded to was compromised through brute force hacking. What is brute force hacking? This is basically when someone uses software to try thousands or even millions of character combinations until they find the one which grants them access to your WordPress account or, even worse, your hosting account.
Once they have that, they can go ahead and lock you out of your own account, delete everything you’ve spent your time and energy to create, and replace it with their own content. This is either because they want something of yours or it’s simply for bragging rights. There are two simple but powerful tips you can use to protect yourself from brute force password attacks.
The first tip is to use long and complex passwords. I recommend either writing down your passwords or keeping a notepad file somewhere secure on your computer which you can refer to for logging into your accounts.
I used to have complicated/random character string passwords, but they were short. The longer your password, the exponentially more difficult and time consuming it gets to crack your code. I recommend you go with numbers, symbols, and upper case as well as lower case letters, all randomly interchanged with one another. Codes which are simple to remember are simple to crack, so keep that in mind.
Most valuable services nowadays which require you to choose a password, such as WordPress or a hosting account, will offer a random password generator which will be as random and complex as you can imagine.
Other than that, I completely recommend you arm yourself with “Login Lockdown”, a simple but essential free WordPress plugin which allows three unsuccessful login attempts on your account before it shuts you out for an hour or more. I don’t understand why this isn’t a default plugin which is included with WordPress given the prevalence of brute force attacks webmasters come under every day. Nevertheless, it ensures that if someone tries to brute force hack your account, they’ll quickly be denied.
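As an added illustration (not from the original post, and not Login Lockdown's own code), this Python sketch models the lockout rule described above: three failed attempts, then an hour's lockout. Tracking by source address and the five-minute counting window are assumptions made for the example.

```python
from collections import defaultdict

MAX_FAILURES = 3        # from the post: three unsuccessful attempts
LOCKOUT_SECS = 3600     # from the post: shut out for an hour
RETRY_WINDOW = 300      # assumption: failures are counted over 5 minutes


class LoginThrottle:
    """Tracks failed logins per source address and enforces a lockout."""

    def __init__(self):
        self.failures = defaultdict(list)   # addr -> times of recent failures
        self.locked_until = {}              # addr -> time the lockout ends

    def is_locked(self, addr, now):
        return self.locked_until.get(addr, 0) > now

    def attempt(self, addr, now, password_ok):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(addr, now):
            return "locked"                 # rejected before any password check
        if password_ok:
            self.failures.pop(addr, None)   # success clears the counter
            return "ok"
        # Keep only failures still inside the counting window, then add this one.
        recent = [t for t in self.failures[addr] if now - t < RETRY_WINDOW]
        recent.append(now)
        self.failures[addr] = recent
        if len(recent) >= MAX_FAILURES:
            self.locked_until[addr] = now + LOCKOUT_SECS
            self.failures[addr] = []
        return "failed"


def guesses_checked(throttle, addr, duration, interval=1):
    """Simulate wrong guesses every `interval` seconds for `duration` seconds
    and count how many actually reached the password check."""
    checked = 0
    for now in range(0, duration, interval):
        if throttle.attempt(addr, now, password_ok=False) == "failed":
            checked += 1
    return checked


if __name__ == "__main__":
    # Constructed scenario: one address guessing once per second for a day.
    print(guesses_checked(LoginThrottle(), "203.0.113.7", 24 * 3600))
```

With these settings, a client guessing once per second for a full day gets only 72 guesses through to the password check, which is why the lockout pairs well with a long random password.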
Protect your WordPress account from brute force hacks with the free Login Lockdown today.