Protect your Joomla or WordPress websites against brute force attacks

May 2017



Sites developed with WordPress CMS and Joomla are subject to a surge of brute force attacks lately. Hackers seek, through this process, to take possession of the "administrator" account, by cracking the related password. How to protect yourself from these type of attack?

The brute force attack is a process that aims to recover the site administrator account credentials, by testing all possible combinations of the password associated with this account.


Securing your WordPress and Joomla blog.

Several actions can be taken, in order to prevent this type of attack (and other potential threats):
  • Delete the "administrator" accounts having the word "Admin" for identifier (and other simple derivatives): replace them by a more complex name.
  • Choose a complex password
  • For a WordPress blog, activate strong authentication (two factors) feature.
  • Keep your CMS and installed plugins up-to-date.
  • Under WordPress: block access to WP-LOGIN.PHP using a HTACCESS file. This will protect the administration pane using a login/password mechanisms!

Related


Published by deri58. Latest update on April 15, 2013 at 06:20 AM by deri58.
This document, titled "Protect your Joomla or WordPress websites against brute force attacks," is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (ccm.net).