How to Prevent Brute Force Attacks on Joomla Administrator Folder
Unlike hacks that exploit vulnerabilities in software, a brute force attack uses the simplest method of gaining access to a site: it tries usernames and passwords, over and over again, until it gets in. Often deemed 'inelegant', these attacks can be very successful when people use passwords like '123456' and usernames like 'admin'.
Brute force login attacks on Joomla sites are very common, and there are ways to mitigate the problem. Implement one or more of the options described below to help protect your website against these types of attacks.
Step 1: Secure the Administrator Folder
The easiest way to protect your administrator folder from the typical brute force attack is to add password protection to the folder itself. This can be done from within the cPanel account for your web hosting account with WebPal Cloud.ca. Click Here to view our flash tutorial on how to add password protection to a folder in cPanel. Once the folder is protected, you will need to log in twice to edit your Joomla site: once for the folder protection and once for the main Joomla login. This might feel like a nuisance, but it is far better than having your site hacked or brought down by the load of a brute force attack.
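For readers who want to see what folder password protection amounts to on an Apache host, here is a manual equivalent as an added example (not code from this article, WebPal or Joomla). It assumes Apache with .htaccess overrides enabled and the htpasswd utility installed; the function names and paths are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: HTTP Basic auth in front of Joomla's administrator/ folder.
# Assumptions: Apache honours .htaccess here; names and paths are hypothetical.

# Create or update a login in the password file (htpasswd prompts for the password).
# -B selects bcrypt hashing; -c is passed only when the file does not exist yet.
add_admin_user() {
    local passwd_file="$1" user="$2"
    if [ -f "$passwd_file" ]; then
        htpasswd -B "$passwd_file" "$user"
    else
        htpasswd -B -c "$passwd_file" "$user"
    fi
}

# Write the Basic-auth rules into <joomla>/administrator/.htaccess.
# $1 = administrator directory, $2 = absolute path of the password file.
protect_admin_dir() {
    local admin_dir="$1" passwd_file="$2" site_root
    site_root=$(cd "$admin_dir/.." && pwd) || return 1
    case "$passwd_file" in
        "$site_root"/*)
            # A password file under the site directory could be fetched over HTTP.
            echo "password file must live outside the Joomla site directory" >&2
            return 1 ;;
        /*) ;;
        *)  echo "password file path must be absolute" >&2
            return 1 ;;
    esac
    # Skip if auth rules are already present, so reruns do not duplicate them.
    grep -qs '^AuthUserFile' "$admin_dir/.htaccess" && return 0
    cat >> "$admin_dir/.htaccess" <<EOF
AuthType Basic
AuthName "Joomla administrator"
AuthUserFile "$passwd_file"
Require valid-user
EOF
}

# Return 0 only when the folder's .htaccess demands a valid login.
is_admin_protected() {
    local f="$1/.htaccess"
    grep -qs '^AuthType Basic' "$f" && grep -qs '^AuthUserFile' "$f" &&
        grep -qs '^Require valid-user' "$f"
}

# Usage (USER is a placeholder for the hosting account name):
#   add_admin_user /home/USER/.htpasswds/joomla-admin/passwd editor
#   protect_admin_dir /home/USER/public_html/administrator /home/USER/.htpasswds/joomla-admin/passwd
```

Use a folder username and password different from the Joomla administrator account, so that guessing one does not reveal the other.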
Step 2: Implement Login Protection to your Login Form
Joomla also has a complete security checklist to help you secure your Joomla install. Please see the following references for the most pertinent options: