In cryptanalysis, the code breaking of encrypted or secret information, a ‘brute force attack’ is a method of defeating a cryptographic scheme by trying a wide array of possibilities, e.g. the possible keys for decrypting a message, and it is used by hackers who want to get into your system. Though a brute force attack is recognized in theory, it is basically computationally infeasible in practice. Actually, the method needs to be faster than the brute force attack. A brute force attack can be combined with a dictionary attack, which refers to a method for defeating an authentication mechanism by attempting to determine its decryption key or passphrase. Brute force attempts are easy to spot: you will find a series of failed login attempts when checking your server's log files. You must then delay your page response.
Brute force attacks can be prevented or made less effective by:
1. Restricting the number of valid login attempts.
2. Banning a user’s IP after a certain number of failed attempts and reporting the attacker to the IP source's upstream provider.
3. Always checking your log files for suspicious actions.
4. Demo or guest accounts must never be enabled.
5. Never allow more than one user in the root group.
If using WordPress, you will want to install these two plugins.
1. Login LockDown
2. WP Security Scan by: Michael Torbert
You can make your system relatively protected by adding a layer of security to your web server.
Choose your passwords carefully - Simple passwords with your spouse’s name or your favorite sports team are easy to guess. A serious hacker attempting an attack will be using an automated tool which can compromise your account.
Choose your username carefully – A brute force attack is generally targeted at the ‘admin’ account, for then the damage to the system is maximized. It is quite simple to change the default WordPress "admin" login to a less familiar username for added security. Please visit lancelhoff.com for instructions to change the default login name for WordPress.
- - Please remember to always make backups of your files and database before you edit, just in case things go bad. - -
Have a strong password policy – Passwords should be a combination of upper and lower case letters, numeric characters and punctuation marks, and have a minimum of seven characters.
Spunky Jones.