{"id":19956,"date":"2024-11-18T12:40:39","date_gmt":"2024-11-18T12:40:39","guid":{"rendered":"https:\/\/www.webhosting.uk.com\/blog\/?p=19956"},"modified":"2025-10-24T08:31:47","modified_gmt":"2025-10-24T08:31:47","slug":"tackling-cybersecurity-threats-how-to-prevent-brute-force-attacks","status":"publish","type":"post","link":"https:\/\/www.webhosting.uk.com\/blog\/tackling-cybersecurity-threats-how-to-prevent-brute-force-attacks\/","title":{"rendered":"Tackling Cybersecurity Threats: How to Prevent Brute Force Attacks"},"content":{"rendered":"<p>Brute force attacks, where cybercriminals try to guess usernames and passwords to access systems, are one of the oldest forms of online threat. Indeed, one could argue that the practice is as old as padlocks and safes with number combination locks. They are also extremely common \u2013 according to the Information Commissioner\u2019s Office (ICO), in April 2023, there were 11,000 brute force attacks every second . Becoming a victim of such an attack can have a devastating impact, and in this post, we take a deeper look at what these attacks are, how they are carried out and what you can do to prevent them.<\/p>\n<div class=\"more-tab-content\">\n<h2><strong>Contents<\/strong><\/h2>\n<ol>\n<li><a href=\"#brute-force-attacks\">What are brute force attacks?<\/a><\/li>\n<li><a href=\"#attackers-target\">Who do brute force attackers target?<\/a><\/li>\n<li><a href=\"#defending-against\">Defending against brute force attacks<\/a><a name=\"brute-force-attacks\"><\/a><\/li>\n<li><a href=\"#conclusion\">Conclusion<\/a><\/li>\n<\/ol>\n<\/div>\n<h3><strong>What are brute force attacks?<\/strong><\/h3>\n<p>In their simplest form, a brute force attack is someone trying to gain access to your website or system by guessing your login credentials. In most cases, this is done by trial and error, with cybercriminals making repeated guesses until they get it right or give up.<\/p>\n<p>Given the complexity of passwords and the trillions of possibilities, most cybercriminals don\u2019t make random guesses. Many will make use of password dictionaries, i.e., lists of the most commonly used passwords in different languages and regions, as well as buying login credentials stolen during data breaches, from the dark web.<\/p>\n<p>The common misconception of brute force attackers is that they are someone sitting at a keyboard constantly typing passwords into the login page. In reality, they are far more sophisticated than this. Like the businesses they are attacking, they too have access to advanced tools that automate the process, enabling credentials to be inputted at pace \u2013 some even use the cloud so that they can massively scale up their operations. These tools also utilise databases of stolen credentials and password dictionaries, so that they choose the most likely password and username combinations. Add to this the potential of AI to utilise that data to predict login credentials and the true scale of the threat becomes obvious.<\/p>\n<p>The sophistication doesn\u2019t stop there. Traditionally, one of the most effective ways to prevent a brute force attack is to use a firewall that can detect failed login attempts coming from the same IP address. When this happens, the IP is blocked, stopping the user from <a name=\"attackers-target\"><\/a>accessing the login page. Today, brute force attackers have various means to avoid this, such as using VPNs or taking over compromised computers elsewhere.<\/p>\n<p style=\"text-align: center;\"><em><strong>Don\u2019t become a victim to malware, read: <a href=\"https:\/\/www.webhosting.uk.com\/blog\/tackling-cybersecurity-threats-protecting-systems-from-malware\/\">Tackling Cybersecurity Threats \u2013 Protecting Systems From Malware<\/a><\/strong><\/em><\/p>\n<h3><strong>Who do brute force attackers target?<\/strong><\/h3>\n<p>Every brute force attacker has their own reasons for doing what they do. The motivation for carrying out an attack can include everything from teenagers wanting to deface their school website for a laugh, to state-sponsored gangs trying to disrupt national infrastructure. In between, you have criminals trying to steal user data, business intelligence and money or wanting to take control of systems for other purposes, such as to spread malware.<\/p>\n<p>While everyone is a potential target, cybercriminals generally try to attack the most vulnerable systems as they are easier to access, or the ones that will enable them to achieve other objectives. Smaller companies are often chosen because they have less robust security measures than larger companies; healthcare, education, financial and e-commerce organisations are chosen for their sensitive personal data; and public sector, transport, utility, internet and financial organisations are chosen as attacks on them can be massively disruptive.<\/p>\n<p>Brute force attackers will also target individuals within organisations \u2013 whether it is to get access to a politician\u2019s emails, a CEO\u2019s files, or a system admin\u2019s user area, <a name=\"defending-against\"><\/a>these can be highly lucrative attacks well worth the persistent effort.<\/p>\n<p style=\"text-align: center;\"><em><strong>Is your network secure? Read: 5 <a href=\"https:\/\/www.webhosting.uk.com\/blog\/5-top-tips-to-ensure-network-security\/\">Top Tips to Ensure Network Security<\/a><\/strong><\/em><\/p>\n<h3><strong>Defending against brute force attacks<\/strong><\/h3>\n<p>There is no single solution to defending against a brute force attack. Instead, companies need to put a range of measures into place to cover all weaknesses. The starting point is a strong password policy. As part of that policy, users should be forced to use long, complex passwords that contain upper and lowercase letters, numbers and special characters. These are much harder, even for sophisticated password-cracking tools, to guess correctly. Additionally, users must not use these passwords on any other accounts, and they should be changed regularly so that if anyone does get access to them, they will soon be out of date.<\/p>\n<p>It is possible to make passwords even more complex by using hashing and salting tools. Hashing converts relatively simple and easy to remember passwords into long complex strings of characters, e.g. it can turn Steve-200578 into something like \u2018572d811ea5d584bc6d497gg98491e47\u2019. Salting adds strings of numbers before and after simple passwords so that even if users have the same password, the hash number will be different.<\/p>\n<p>The next step is to use two-factor or multi-factor authentication. This protocol adds an extra layer of defence by requiring the user to add further information besides username and password when logging in. This can be a six-figure passcode sent by text or generated by an app, or biometric data, like a fingerprint or facial recognition. The advantage of additional authentication is that while a cybercriminal may have cracked the username and password, without physical access to the code on the user\u2019s phone or their fingerprint, they still will not be able to gain entry to the account.<\/p>\n<p style=\"text-align: center;\"><em><strong>For more information, read: <a href=\"https:\/\/www.webhosting.uk.com\/blog\/two-factor-authentication-why-you-need-it-for-your-web-hosting\/\">Two-Factor Authentication: Why You Need It for Your Web Hosting<\/a><\/strong><\/em><\/p>\n<p>Another important part of brute force defence is to implement a firewall. While smarter attackers may use VPNs, etc, to try and evade detection, these tools are clever enough to detect multiple failed login attempts from any IP and block them. Moreover, you can even set limits on the number of failed attempts and the length of time that IPs are blocked for. Additionally, you can permanently block IPs and restrict locations from where people visit. If all your employees are based in the UK, for example, you can block anyone trying to log in from other countries.<\/p>\n<p>A simple but very effective anti-brute-force tool to use on a login page is CAPTCHA. By requiring the user to prove that they are human, it prevents automated systems from making login attempts and slows down anyone entering credentials manually.<\/p>\n<p>One of the most effective ways to defend against brute force attacks is to choose a secure web host. Hosting providers, like Webhosting UK, have the in-house expertise and the most advanced tools to defend against every type of threat, including brute force attacks. They protect your systems around the clock with advanced firewalls and intrusion and malware <a name=\"conclusion\"><\/a>prevention, while providing a range of other security features like free SSL certificates, email spam and malware filtering, backup solutions and more.<\/p>\n<h4><strong>Conclusion<\/strong><\/h4>\n<p>Brute force attacks have evolved from being crude, manual attempts to guess usernames and passwords to cloud-based, automated systems using algorithms trained on stolen login credentials. Defending against them has become increasingly difficult as their methods of attack have advanced. Hopefully, from reading this article, you\u2019ll now understand how brute force attacks are carried out and the various ways you can protect your systems from them.<\/p>\n<p>If you are looking for fast, affordable and reliable web hosting, backed by rock-solid security against brute force and other types of cyberattacks, visit our <a href=\"https:\/\/www.webhosting.uk.com\/cpanel-hosting\">Web Hosting with cPanel<\/a> page.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Brute force attacks, where cybercriminals try to guess usernames and passwords to access systems, are one of the oldest forms of online threat. Indeed, one could argue that the practice&hellip;<\/p>\n<p><a href=\"https:\/\/www.webhosting.uk.com\/blog\/tackling-cybersecurity-threats-how-to-prevent-brute-force-attacks\/\" class=\"more-link\">Read More<\/a><\/p>\n<div class='heateorSssClear'><\/div><div  class='heateor_sss_sharing_container heateor_sss_horizontal_sharing' data-heateor-sss-href='https:\/\/www.webhosting.uk.com\/blog\/tackling-cybersecurity-threats-how-to-prevent-brute-force-attacks\/'><div class='heateor_sss_sharing_title' style=\"font-weight:bold\" >Spread the love<\/div><div class=\"heateor_sss_sharing_ul\"><a aria-label=\"Facebook\" class=\"heateor_sss_facebook\" href=\"https:\/\/www.facebook.com\/sharer\/sharer.php?u=https%3A%2F%2Fwww.webhosting.uk.com%2Fblog%2Ftackling-cybersecurity-threats-how-to-prevent-brute-force-attacks%2F\" title=\"Facebook\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#0765FE;width:40px;height:40px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path fill=\"#fff\" d=\"M28 16c0-6.627-5.373-12-12-12S4 9.373 4 16c0 5.628 3.875 10.35 9.101 11.647v-7.98h-2.474V16H13.1v-1.58c0-4.085 1.849-5.978 5.859-5.978.76 0 2.072.15 2.608.298v3.325c-.283-.03-.775-.045-1.386-.045-1.967 0-2.728.745-2.728 2.683V16h3.92l-.673 3.667h-3.247v8.245C23.395 27.195 28 22.135 28 16Z\"><\/path><\/svg><\/span><\/a><a aria-label=\"X\" class=\"heateor_sss_button_x\" href=\"https:\/\/twitter.com\/intent\/tweet?text=Preventing%20Brute%20Force%20Attacks%3A%20Tackling%20Cybersecurity%20Threats&url=https%3A%2F%2Fwww.webhosting.uk.com%2Fblog%2Ftackling-cybersecurity-threats-how-to-prevent-brute-force-attacks%2F\" title=\"X\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_x\" style=\"background-color:#2a2a2a;width:40px;height:40px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg width=\"100%\" height=\"100%\" style=\"display:block;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 32 32\"><path fill=\"#fff\" d=\"M21.751 7h3.067l-6.7 7.658L26 25.078h-6.172l-4.833-6.32-5.531 6.32h-3.07l7.167-8.19L6 7h6.328l4.37 5.777L21.75 7Zm-1.076 16.242h1.7L11.404 8.74H9.58l11.094 14.503Z\"><\/path><\/svg><\/span><\/a><a aria-label=\"Linkedin\" class=\"heateor_sss_button_linkedin\" href=\"https:\/\/www.linkedin.com\/sharing\/share-offsite\/?url=https%3A%2F%2Fwww.webhosting.uk.com%2Fblog%2Ftackling-cybersecurity-threats-how-to-prevent-brute-force-attacks%2F\" title=\"Linkedin\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_linkedin\" style=\"background-color:#0077b5;width:40px;height:40px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path d=\"M6.227 12.61h4.19v13.48h-4.19V12.61zm2.095-6.7a2.43 2.43 0 0 1 0 4.86c-1.344 0-2.428-1.09-2.428-2.43s1.084-2.43 2.428-2.43m4.72 6.7h4.02v1.84h.058c.56-1.058 1.927-2.176 3.965-2.176 4.238 0 5.02 2.792 5.02 6.42v7.395h-4.183v-6.56c0-1.564-.03-3.574-2.178-3.574-2.18 0-2.514 1.7-2.514 3.46v6.668h-4.187V12.61z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><\/div><div class=\"heateorSssClear\"><\/div><\/div><div class='heateorSssClear'><\/div>","protected":false},"author":130,"featured_media":19957,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1735],"tags":[],"ppma_author":[2393],"class_list":["post-19956","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security"],"authors":[{"term_id":2393,"user_id":0,"is_guest":1,"slug":"pooja-kulkarni","display_name":"Pooja Kulkarni","avatar_url":{"url":"https:\/\/www.webhosting.uk.com\/blog\/wp-content\/uploads\/2016\/10\/1.jpg","url2x":"https:\/\/www.webhosting.uk.com\/blog\/wp-content\/uploads\/2016\/10\/1.jpg"},"author_category":"","user_url":"https:\/\/www.webhosting.uk.com","last_name":"Kulkarni","first_name":"Pooja","job_title":"","description":"I'm experienced SEO specialist. With a focus on the technical aspects of SEO, I work to enhance website's visibility and overall performance seamlessly."}],"_links":{"self":[{"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/posts\/19956","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/users\/130"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/comments?post=19956"}],"version-history":[{"count":11,"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/posts\/19956\/revisions"}],"predecessor-version":[{"id":20712,"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/posts\/19956\/revisions\/20712"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/media\/19957"}],"wp:attachment":[{"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/media?parent=19956"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/categories?post=19956"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/tags?post=19956"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=19956"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}