
If you keep hitting something long enough and hard enough, you will eventually knock it down. That was a military tactic in the Middle Ages, when armies used battering rams to knock down castles and fortresses. It is also a tactic hackers use today to break into websites: brute force.

On WordPress websites, or any built with a Content Management System that offers easy creation and updates, a username/password combination is used to access the administrative panel or dashboard. And that is what the hackers go after – if they can guess the username and password then they gain access and then control.

You can make it easy for them by using a username like “admin” or your domain name. The shorter and more common your password – such as using “password” – the faster they will break in.

Hackers don’t sit there manually typing in usernames and passwords. They use programs that try hundreds or thousands of combinations every minute until they get in. Once they have control of your website they can use it to make money by distributing spam and malware, redirecting visitors to sites that pay them, and so on. (See our article Why would they hack my site?)

Breaking into websites is a business for them and they work at it constantly. On our website we have been attacked 312 times in the last 7 days. Because we block attempts to log in if there are too many failed attempts (like from a hacker), the number would be far higher without that precaution.

There are things you can do to help protect yourself:

  • Don’t use a simple username
  • Don’t use a short or common password
  • Use software to block repeated failed login attempts (we provide this with our Security, Update and Backup Service)
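
The third item above, blocking repeated failed logins, comes down to counting failures per source address inside a time window. The following Python code is an added example, not code from this site or from any WordPress plugin; it replays constructed access-log lines and reports which addresses a limiter would have locked out. The thresholds, the log format, and the reading of HTTP 200 on a POST to wp-login.php as a failed login (302 as a success) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _line(ip, second, status):
    # Builds one constructed access-log line (documentation IP ranges, not real traffic).
    return (f'{ip} - - [12/Mar/2024:10:00:{second:02d} +0000] '
            f'"POST /wp-login.php HTTP/1.1" {status} 4521')

# Constructed sample: one address guessing once per second, one user who mistypes twice.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", s, 200) for s in range(8)]
    + [_line("198.51.100.20", 10, 200), _line("198.51.100.20", 25, 200),
       _line("198.51.100.20", 40, 302)]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST /wp-login\.php[^"]*" (\d{3}) ')

def find_lockouts(log_text, max_failures=5, window=timedelta(minutes=5),
                  lockout=timedelta(minutes=20)):
    """Return {ip: {"lockouts": n, "blocked": m}} for addresses that hit the limit."""
    recent = defaultdict(deque)      # ip -> timestamps of failures inside the window
    locked_until = {}                # ip -> time at which the lockout expires
    report = defaultdict(lambda: {"lockouts": 0, "blocked": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                 # not a login POST
        ip, status = m.group(1), m.group(3)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        if ip in locked_until and ts < locked_until[ip]:
            report[ip]["blocked"] += 1   # a live limiter would reject this guess
            continue
        if status != "200":          # assumption: anything but 200 is not a failed login
            recent[ip].clear()       # a successful login resets the failure count
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:    # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            locked_until[ip] = ts + lockout
            report[ip]["lockouts"] += 1
            q.clear()
    return dict(report)

if __name__ == "__main__":
    print(find_lockouts(SAMPLE_LOG))
```

With the default limit of five failures, the guessing address is locked out on its fifth attempt and its remaining three guesses are rejected, while the user who mistyped twice before logging in is never locked out.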

In our experience every single website is under constant attack. Without protection you can easily become a victim.

Wordfence has an excellent article that gives even more information on this subject: Introduction to Brute Force Attacks

