WordPress
Brute Force Attack
A brute force attack is when an automated bot tries thousands of username and password combinations on your login page, hoping to guess its way in. It's one of the most common ways WordPress sites get hacked.
In plain English
A brute force attack is exactly what it sounds like: a program hammering your login page with guess after guess — common passwords, leaked passwords, thousands per minute — until one works. There's no cleverness to it, just relentless trial and error. Because WordPress is so popular, automated bots probe its login pages constantly, looking for weak passwords to crack.
Why it matters for your business
Two ways this hurts you. If an attack succeeds, someone's inside your site and can deface it, steal data, or plant malware. Even when it fails, the sheer volume of attempts can overload your hosting and slow your site to a crawl or knock it offline — so it costs you even without getting in. Weak or reused passwords are what turn a routine attack into an actual break-in.
How to shut it down
Strong, unique passwords are the baseline. Beyond that, limiting login attempts, adding two-factor authentication, and a security layer that blocks repeat offenders stop the vast majority of these cold — quiet protections that run in the background.
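To make "limiting login attempts" and "blocking repeat offenders" concrete, here is an added example (not part of the original page) that scans web server access-log lines and flags any IP address that submits the WordPress login form more than a set number of times within a sliding time window. The function names, the threshold of 5 attempts per minute, and the sample log lines are assumptions made up for illustration; it expects combined-log-format lines in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-log-format fields we need: client IP, timestamp, method, path, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def parse_login_attempts(lines):
    """Yield (ip, timestamp) for every POST to wp-login.php; skip everything else."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line, or just someone viewing the form
        if m["path"].split("?", 1)[0].rstrip("/").endswith("/wp-login.php"):
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def find_repeat_offenders(lines, max_attempts=5, window=timedelta(minutes=1)):
    """Return {ip: peak attempts in any window} for IPs exceeding max_attempts."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    offenders = {}
    for ip, ts in parse_login_attempts(lines):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts that aged out of the window
            q.popleft()
        if len(q) > max_attempts:
            offenders[ip] = max(offenders.get(ip, 0), len(q))
    return offenders

def _line(ip, sec, method="POST", path="/wp-login.php", status=200):
    """Build one constructed log line (sample data, not from a real site)."""
    ts = f"12/Mar/2024:10:00:{sec:02d} +0000"
    return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample: one bot hammering the form, one person who mistyped once.
SAMPLE_LOG = (
    [_line("203.0.113.7", s) for s in range(0, 16, 2)]          # 8 rapid attempts
    + [_line("198.51.100.20", 20), _line("198.51.100.20", 50, status=302)]
    + [_line("203.0.113.7", 55, method="GET")]                  # page view only
)

if __name__ == "__main__":
    for ip, peak in find_repeat_offenders(SAMPLE_LOG).items():
        print(f"{ip}: {peak} login attempts within one minute")
```

An IP address that shows up in the result is a candidate for a temporary block, which is what login-limiting plugins and security layers automate.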