What is Brute Force Hacking?

Hacking has been on the rise over the past decade and that’s because it’s becoming easier to do. Hackers now have access to software and pre-constructed scripts that makes a novice hacker, who has no previous experience in hacking, into a force to be reckoned with. One of the easiest methods implores a software or set of scripts in a technique called brute force hacking.

Brute force hacking is when a potential hacker tries to guess your username and password over and over until they are able to log into the backend of your site. This could take thousands or more than a hundred thousand attempts until the would-be intruder is logged into your site.

Once they’re logged in, all of that valuable data of your users (if you have an e-commerce environment, that means credit cards, addresses, and social security numbers) are available to the trespasser. It’s best practice to create and maintain a defense against brute force hacking.

How Do I Avoid This?

There are many techniques you can use to protect yourself against brute force hacking. The following are three very simple tactics you can implement on your website to protect your business information and the personal data of your website users.

Geographic Security

One of the most common techniques is to block countries outside of your place of residents and or the countries outside of where you do business.

If your company only deals business inside their respected country, then it is wise to block outside countries. This is recommended since most brute force hackers will use a virtual private network (VPN) to make themselves appear outside of their country in order to hide their true identity. A VPN is a form of encrypted communication between two networks. VPN’s are mostly used by businesses that want remote access to their workstation with an extra layer of security. A brute force hacker will create a secure connection with their VPN to change their IP address to a different country to remain anonymous.

Password Security

It is highly recommended that you create long, complex passwords as well as enforce your users to do the same. This will make the brute force hacker work much harder to get into your site. Most brute force hackers will only spend a small amount of time on a site and move on to a site that’s easier to hack. Using complex passwords will significantly work to decrease the chances of a hacker figuring out your password.
It’s highly recommended that your password is NOT a dictionary word; the more random the letters, the better. Also, you should throw in some symbols and numbers to mix it up.

A couple of bad examples of a password would be: apple, 1234, password, admin. A really good example of a password would be: nU#ezUnu5oVi1poyirlP.

Notice the how long and random the letters, numbers, and symbols are? This password would be very hard to crack. You can find password generators online to help create your complex passwords. Norton offers a fantastic password generator on their official site.

Login Attempt Limit

Another way to help decrease the chance of a brute force hacker getting into your site is to limit the amount of failed attempts when a user logs in. I know most people get frustrated when they forgot their password and after a certain amount of attempts, they cannot log back until after a certain amount of time. While this is frustrating, it is used to lock out brute force hacking attempts. Since the nature of brute force hacking is to guess the username and password, limiting the failed attempts will help slow them down.

VPN’s also play a role here. Let’s say a hacker has run out of attempts to log into your site; the backend of the site records that IP address and does not allow them to attempt anymore. That brute force hacker can use a VPN to change their IP address in order to continue attempting to crack your password. Knowing of this, I highly recommend turning on “Limit Failed Attempts.”


It’s easy to fall under the assumption that your website is fine, but there are always people out there looking for and trying to take advantage of holes in security. Rather than waiting until its too late, take these simple steps to improve the security of your website today.