Unlike hacks that focus on vulnerabilities in software, a Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in. Often deemed 'inelegant', they can be very successful when people use passwords like '123456' and usernames like 'admin.'
Brute Force Login attacks to Joomla sites are very common and there are ways to mitigate the problem. Please implement one or more of the options described below to help protect your website against these type of attacks.
Step 1: Secure the Administrator Folder
The easiest way to protects your administrator folder from the typical brute force attack is to add password protection to the administrator folder. This can be done from within your cPanel account for your web hosting account with WebPal Cloud.ca. Click Here to view our flash tutorial on how to add password protection to a folder in cPanel. Once protected, you will need to login twice to edit your Joomla site. Once for the folder protection and once for the main Joomla login. This might feel like a nuisance but in the end it is far better than having your site hacked or brought down due to a brute force load attack.
Step 2: Implement Login Protection to your Login Form
There are dozens of available components and plugins available to secure your login scripts. You can see a list at the following: http://extensions.joomla.org/extensions/access-a-security/site-security/login-protection
Joomla also has a complete security checklist to help you secure your Joomla install. Please see the following references for the most pertinient options:
How long does it take to set up a new account or product addon?
Administrative changes to accounts are generally set up within 1-2 hours from the time we receive...
Would I be able to modify my web pages on a regular basis?
We provide all of our clients with unlimited access to their accounts via FTP, using their...
How do I place an order?
You can place an order for an account directly from our web site 24 hours a day using our Secure...
Will mydomain.com automatically go to www.mydomain.com?
Yes. Our servers automatically point www.yourdomain.com and yourdomain.com to the same place.
What is the minimum/maximum contract for your hosting services?
The minimum time that you can sign up for an account is 1 month. We have prepayment terms of 3,...