Protect your Joomla or WordPress websites against brute force attacks

December 2016



Sites built with the WordPress and Joomla CMSs have recently been subject to a surge of brute force attacks. Through this process, hackers seek to take over the "administrator" account by cracking its password. How can you protect yourself from this type of attack?

A brute force attack is a process that aims to recover the site administrator account credentials by testing all possible combinations of the password associated with this account.


Securing your WordPress and Joomla blog.

Several actions can be taken to prevent this type of attack (and other potential threats):
  • Delete "administrator" accounts whose identifier is "Admin" (or another simple derivative) and replace them with accounts that have a more complex name.
  • Choose a complex password.
  • For a WordPress blog, activate the strong (two-factor) authentication feature.
  • Keep your CMS and installed plugins up-to-date.
  • Under WordPress: block access to wp-login.php using an .htaccess file. This protects the administration panel with a login/password mechanism.
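
One way to implement the last item, shown as an added example that is not part of the original article. It assumes Apache 2.4 with .htaccess overrides enabled for authentication directives; the password file path and the realm name are placeholders.

```apache
# .htaccess placed in the WordPress root directory, next to wp-login.php.
# Constructed example: adjust the AuthUserFile path to your own hosting account.

# Ask for an extra login/password before wp-login.php is served at all,
# so password-guessing requests never reach the WordPress login form.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted login"
    # Store the password file outside the web root so it cannot be downloaded.
    # Create it with: htpasswd -c /home/example/.htpasswd-wp someuser
    AuthUserFile /home/example/.htpasswd-wp
    Require valid-user
</Files>

# Refuse direct requests for .htaccess / .htpasswd files themselves.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
```

Basic authentication sends the credentials with every request in an easily decoded form, so serve the login page over HTTPS and use a user name and password different from the WordPress account.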


This document entitled « Protect your Joomla or WordPress websites against brute force attacks » from CCM (ccm.net) is made available under the Creative Commons license. You may copy and modify copies of this page under the conditions stipulated by the license, provided this note appears clearly.