What Is a Brute Force Attack, and Effective Tips to Prevent It

Hello everyone, welcome back to porkaone. On this happy occasion, I will go through a fun, relaxed, quality article about the world of digital security, namely brute force attacks and tips on how to prevent them. Curious? Let's get into the article.

What Is a Brute Force Attack?

A brute force attack is the easiest way to break into a website and can be done by anyone. We can also call this method "guessing with prizes": the burglar forces his way in by guessing usernames or passwords at random. Although it is a classic, this method is still widely used by hackers, especially against websites that have no additional security such as login limits and captcha.

Some people may think that this method is very, very unlikely to work. Yes, it is very unlikely to work if the guessing is done directly by a human. Humans have a limit on how many usernames and passwords they can guess at random, but bots don't. With a bot, nobody needs to enter each username and password by hand; the bot does everything and keeps trying until it finds a combination that works.

But don't worry, you can prevent the above problems easily. Here are tips to prevent brute force attacks on your website or account.

Prevent Brute Force Attacks

1. Create Complicated Password Combinations

Never create a password from consecutive numbers such as 12345, or from easy-to-read sentences. Create a password combination by combining numbers, uppercase letters, lowercase letters, and symbols. Don't forget to make the password at least 8 characters long.

Most large websites enforce strict rules for creating a password, and some even show an indicator of whether the password is strong, medium, or weak. If you find it difficult to create a strong password, use an online password generator. After creating a password, don't forget to save it with your other account data in notepad or a place that you think is safe.

[Image: online password generator]

2. Set Login Limit

A login limit is the number of attempts a person is allowed when trying to log in to a website. A bot will stop submitting input once the login limit is reached. This makes it difficult for anyone to break into an account on the website, and finding the right password combination takes longer.

There are many examples of login limits. One of them is m-banking, which usually allows a maximum of 3 login attempts. If they all fail, the account is automatically locked, and to unlock it you have to go to the bank in person.

Example of a login limit on WordPress: if you have set 5 login attempts, then once those attempts are used up you usually have to wait for some time before you can try again.

If you use WordPress, you can use a plugin like Wordfence Security to easily create a login limit. You can set how many login attempts are allowed.

[Image: login limit settings]
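
The 5-attempts-then-wait behaviour described above can be sketched in a few lines of Python. This is an added example, not code from WordPress or Wordfence; the class name, the 600-second wait, and the sample addresses are assumptions made for illustration.

```python
import time


class LoginLimiter:
    """Lock a key (account name or source IP) after too many failed logins."""

    def __init__(self, max_attempts=5, lockout_seconds=600, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self._failures = {}      # key -> failed attempts since last reset
        self._locked_until = {}  # key -> time at which the lock expires

    def is_locked(self, key):
        return self.clock() < self._locked_until.get(key, 0.0)

    def attempt(self, username, ip, password_ok):
        """Record one login attempt; return 'ok', 'denied' or 'locked'."""
        keys = ("user:" + username, "ip:" + ip)
        # While locked, refuse before looking at the password, so even a
        # correct guess made during the lockout tells the bot nothing.
        if any(self.is_locked(k) for k in keys):
            return "locked"
        if password_ok:
            # Clear only the account counter: clearing the IP counter too would
            # let a bot that owns one valid account reset its own budget.
            self._failures.pop(keys[0], None)
            return "ok"
        for k in keys:
            self._failures[k] = self._failures.get(k, 0) + 1
            if self._failures[k] >= self.max_attempts:
                self._locked_until[k] = self.clock() + self.lockout_seconds
                self._failures[k] = 0
        return "denied"


def demo_limiter():
    """Constructed run: a bot guesses for 'admin' from one address."""
    now = [0.0]                                   # fake clock, in seconds
    limiter = LoginLimiter(5, 600, clock=lambda: now[0])
    results = []
    for guess in ["wrong-1", "wrong-2", "wrong-3", "wrong-4", "wrong-5", "right"]:
        results.append(limiter.attempt("admin", "203.0.113.7", guess == "right"))
        now[0] += 1
    now[0] += 600                                 # the lockout has expired
    results.append(limiter.attempt("admin", "198.51.100.4", True))
    return results
```

Counting per account and per address together matters because a bot can spread its guesses over many accounts from one address, or over many addresses against one account.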

3. Using Captcha

Captcha stands for Completely Automated Public Turing test to tell Computers and Humans Apart. From the name, we can already tell that a captcha is used to test whether you are a human or a robot.

I'm sure all of you are familiar with captcha. There are several types: a captcha in the form of a combination of letters, a captcha that requires us to answer questions, a captcha where we must choose the appropriate image, and so on. Captcha is a pretty good way to prevent hacking, because bots can't guess captcha; only humans can understand captcha.

If you use WordPress, use the Wp Captcha plugin to create a captcha easily and quickly. You can also choose the type of captcha that you think is the safest.

[Image: Wp Captcha]

4. Using Two Factor Authentication

Two factor authentication, or 2FA, is a security feature that is relatively new at this time but is very effective in preventing brute force attacks. It works like this: to log in to an account, you need a confirmation or a code that is sent to another device. Usually the code is sent to you by SMS or email. GoPay, for example, usually requires us to enter the code sent to our phone number before performing certain activities.

This method is also quite powerful for preventing hacking. With this feature, you can tell when someone attempts to log in to your account or website. The code sent to your device must be kept safe and must not be shared with others: if someone asks for a code that arrived on your device, it is certain that he wants to steal your account. If you use WordPress, this feature is of course already available. You can use the Authy plugin to create 2FA features.
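
A 6-digit code is itself guessable in at most a million tries, so the code step needs its own expiry and attempt limit. The sketch below is an added example, not code from Authy or GoPay; the class name, the 300-second lifetime, and the 3-try limit are assumptions made for illustration.

```python
import hmac
import secrets
import time


class OneTimeCodes:
    """Issue and verify short-lived login codes sent to a second device."""

    def __init__(self, ttl_seconds=300, max_tries=3, clock=time.monotonic):
        self.ttl_seconds = ttl_seconds
        self.max_tries = max_tries
        self.clock = clock
        self._pending = {}   # username -> [code, expiry time, tries left]

    def issue(self, username):
        """Create a 6-digit code; the caller delivers it by SMS or email."""
        code = f"{secrets.randbelow(10**6):06d}"     # CSPRNG, not random.random
        self._pending[username] = [code, self.clock() + self.ttl_seconds, self.max_tries]
        return code

    def verify(self, username, code):
        """Return True once for the right code; wrong guesses use up the tries."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        expected, expires, tries = entry
        if self.clock() > expires or tries <= 0:
            del self._pending[username]              # expired or exhausted
            return False
        if hmac.compare_digest(expected, code):      # constant-time comparison
            del self._pending[username]              # single use
            return True
        entry[2] = tries - 1
        return False


def demo_codes():
    """Constructed run: three wrong guesses burn the code before the right one."""
    codes = OneTimeCodes(max_tries=3, clock=lambda: 0.0)
    real = codes.issue("alice")
    wrong = f"{(int(real) + 1) % 10**6:06d}"
    guesses = [codes.verify("alice", wrong) for _ in range(3)]
    after_limit = codes.verify("alice", real)        # tries are used up
    fresh = codes.issue("alice")
    return guesses, after_limit, codes.verify("alice", fresh), codes.verify("alice", fresh)
```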

5. Changing the Login URL

Usually, to log in to WordPress, people access www.website address.com/wp-admin, and that is where the guessing begins. There is another solution you can apply so that thieves do not enter your site through this URL, namely changing the login URL. If you are using WordPress, you can use the All In One WP Security & Firewall plugin to create a different login URL quickly and easily.

6. Always Monitor WordPress Logs

This last tip is very important: always check who is logged in to your website. If you use WordPress, you can use the WP Security Audit Log to find out the activity of each logged-in user, such as how many times he logged in, his IP address, and other suspicious activity.

[Image: WP Security Audit Log]
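
What to look for in those logs can be shown with a small detector that counts failed logins per IP address inside a time window and notes when a successful login follows. This is an added example, not the plugin's code: the log line format, the threshold of 5, and the sample lines are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in an assumed format: "<ISO time> <ip> <user> <OK|FAIL>"
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 admin FAIL
2024-05-01T10:00:02 203.0.113.7 admin FAIL
2024-05-01T10:00:03 203.0.113.7 editor FAIL
2024-05-01T10:00:04 198.51.100.4 alice FAIL
2024-05-01T10:00:05 203.0.113.7 admin FAIL
2024-05-01T10:00:06 203.0.113.7 admin FAIL
2024-05-01T10:00:20 198.51.100.4 alice OK
2024-05-01T10:00:30 203.0.113.7 admin OK
"""


def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: alert} for addresses with >= threshold failures in window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside window
    users = defaultdict(set)      # ip -> account names it failed against
    alerts = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                          # skip blank or malformed lines
        ts, ip, user, result = datetime.fromisoformat(fields[0]), *fields[1:]
        if result == "FAIL":
            users[ip].add(user)
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:         # drop failures older than window
                q.popleft()
            if len(q) >= threshold:
                alert = alerts.setdefault(
                    ip, {"failures": 0, "users": set(), "login_after": None})
                alert["failures"] = max(alert["failures"], len(q))
                alert["users"] = set(users[ip])
        elif result == "OK" and ip in alerts:
            # A success from an address that was just guessing is the line
            # to look at first: one of the guesses may have worked.
            alerts[ip]["login_after"] = user
    return alerts
```

On the sample lines, the single mistyped password from 198.51.100.4 raises no alert, while 203.0.113.7 is flagged together with the account it finally logged in to.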

That is the article about what a brute force attack is and effective tips to prevent it. Hopefully this short article is useful. If you have any questions, please leave them in the comments column below. See you in another interesting article.