So, what can we do to protect our blogs from brute force attacks, where hackers just spend ages trying out every single password using clever pieces of software?

Actually, as I said yesterday, although brute force will get in eventually, we can stack the odds in our favour quite easily.

First of all, you must understand that these people work by just guessing different password strings. If you leave the administrator id as admin and use the password of ‘password’, then they will take seconds to guess those. Change just one of these and you make the job harder. Change both and it becomes many times harder.

If you have a secure password, for example using upper and lower case letters, numbers and an odd symbol or two, then the chance of someone trying that many different combinations is small.

If you also change the admin id and don’t make it obvious, then they not only have to hammer away at the password, but also at the userid. And that can be a double protection.

And there is also a third trick up our sleeves – admin lockdown plugins! These can be set to lock out login attempts from an IP address that has had too many failed attempts. For example, 3 failed attempts in 5 minutes and they are locked out for an hour. This means that hackers can only try two passwords in 5 minutes – 24 an hour. Brute force will take years at that rate!
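To see that lockout rule in action, here is a small simulation added as an illustration; it is not code from this post or from any particular plugin. The class and function names, the sample IP address and the million-entry wordlist are all made up for the example.

```python
from collections import defaultdict, deque


class LoginLockout:
    """Per-IP rule: max_failures failed logins inside window_s seconds
    blocks that IP for lockout_s seconds (3 in 5 minutes -> 1 hour)."""

    def __init__(self, max_failures=3, window_s=300, lockout_s=3600):
        self.max_failures = max_failures
        self.window_s = window_s
        self.lockout_s = lockout_s
        self.failures = defaultdict(deque)  # ip -> times of recent failures
        self.locked_until = {}              # ip -> time the lockout ends

    def is_locked(self, ip, now):
        return now < self.locked_until.get(ip, 0)

    def record_failure(self, ip, now):
        """Store one failed login; return True if it triggers a lockout."""
        recent = self.failures[ip]
        while recent and now - recent[0] >= self.window_s:
            recent.popleft()                # forget failures outside the window
        recent.append(now)
        if len(recent) >= self.max_failures:
            self.locked_until[ip] = now + self.lockout_s
            recent.clear()
            return True
        return False


def guesses_checked(interval_s, duration_s=3600, ip="203.0.113.7"):
    """Wrong guesses that actually reach the password check when one
    (constructed) IP tries every interval_s seconds for duration_s."""
    guard = LoginLockout()
    checked = 0
    for now in range(0, duration_s, interval_s):
        if guard.is_locked(ip, now):
            continue                        # rejected before any password check
        checked += 1
        guard.record_failure(ip, now)
    return checked


def years_to_try(candidates, per_hour=24):
    """Years needed to work through a list of candidate passwords."""
    return candidates / per_hour / 24 / 365


if __name__ == "__main__":
    print("one guess per second  :", guesses_checked(1), "checked per hour")
    print("one guess per 150 sec :", guesses_checked(150), "checked per hour")
    print("1,000,000 candidates  : %.1f years" % years_to_try(1_000_000))
```

A guesser hammering once a second gets only 3 guesses checked in the hour, while one who slows down to stay under the limit gets the 24 an hour mentioned above.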

Want to know how to do these or other security considerations? Come back again, or follow the blog security tag.
