Protect your Joomla or WordPress websites against brute force attacks


Sites developed with WordPress CMS and Joomla are subject to a surge of brute force attacks lately. Hackers seek, through this process, to take possession of the "administrator" account, by cracking the related password. How to protect yourself from these type of attack?

The brute force attack is a process that aims to recover the site administrator account credentials, by testing all possible combinations of the password associated with this account.

Securing your WordPress and Joomla blog.

Several actions can be taken, in order to prevent this type of attack (and other potential threats):

  • Delete the "administrator" accounts having the word "Admin" for identifier (and other simple derivatives): replace them by a more complex name.
  • Choose a complex password
  • For a WordPress blog, activate strong authentication (two factors) feature.
  • Keep your CMS and installed plugins up-to-date.
  • Under WordPress: block access to WP-LOGIN.PHP using a HTACCESS file. This will protect the administration pane using a login/password mechanisms!
Ask a question
CCM is a leading international tech website. Our content is written in collaboration with IT experts, under the direction of Jean-François Pillou, founder of CCM.net. CCM reaches more than 50 million unique visitors per month and is available in 11 languages.
This document, titled « Protect your Joomla or WordPress websites against brute force attacks », is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (ccm.net).