Changeset 2466383
Timestamp: 02/01/2021 12:08:41 PM (5 years ago)
Location: guardgiant
Files: 2 edited
- tags/2.2.3/README.txt (modified) (1 diff)
- trunk/README.txt (modified) (1 diff)
guardgiant/tags/2.2.3/README.txt
r2451763 r2466383 73 73 74 74 The most common threat that WordPress site owners face is a password guessing attack known as a brute force attack. 75 A brute force attack is where an attacker uses a brute force tool (or script) to discover your password by systematically trying every possible combination of letters, numbers, and symbols until the correct password is found. 76 A brute force attack will always work eventually, but the problem for the brute force attacker is that it may take many years to do it. 75 A brute force attack is where an attacker uses a brute force tool (or script) to discover your password by systematically trying every possible combination of letters, numbers, and symbols until the correct password is found. A brute force attack will always work eventually, but the problem for the brute force attacker is that it may take many years to do it. 77 76 78 77 Brute force prevention techniques focus on slowing down these attacks to the point where they become unviable. 79 78 80 Using long and complex passwords (that are not dictionary words) is a good brute force attack prevention method to start with. 81 This greatly increases the time an attacker will need. 79 Using long and complex passwords (that are not dictionary words) is a good brute force attack prevention method to start with. This greatly increases the time an attacker will need. 82 80 83 81 A common way to stop brute force attacks is to lock out the WordPress account after a defined number of failed authorization attempts (there are various brute force plugins that do this). 84 82 The problem with this approach is that the site administrator ends up with unhappy users who have been locked out, often needing manual intervention to regain access. This is not sustainable or desirable for sites of any size. 
85 83 86 The modern approach to brute force prevention is to track the devices that genuine users use to log in, ensuring they are always treated kindly 87 if they forget their password. Unrecognized devices face a progressive but temporary timed lockout. 84 The modern approach to brute force prevention is to track the devices that genuine users use to log in, ensuring they are always treated kindly if they forget their password. Unrecognized devices face a progressive but temporary timed lockout. 88 85 89 86 = Stop Brute Force Attacks = -
guardgiant/trunk/README.txt
r2451763 r2466383 73 73 74 74 The most common threat that WordPress site owners face is a password guessing attack known as a brute force attack. 75 A brute force attack is where an attacker uses a brute force tool (or script) to discover your password by systematically trying every possible combination of letters, numbers, and symbols until the correct password is found. 76 A brute force attack will always work eventually, but the problem for the brute force attacker is that it may take many years to do it. 75 A brute force attack is where an attacker uses a brute force tool (or script) to discover your password by systematically trying every possible combination of letters, numbers, and symbols until the correct password is found. A brute force attack will always work eventually, but the problem for the brute force attacker is that it may take many years to do it. 77 76 78 77 Brute force prevention techniques focus on slowing down these attacks to the point where they become unviable. 79 78 80 Using long and complex passwords (that are not dictionary words) is a good brute force attack prevention method to start with. 81 This greatly increases the time an attacker will need. 79 Using long and complex passwords (that are not dictionary words) is a good brute force attack prevention method to start with. This greatly increases the time an attacker will need. 82 80 83 81 A common way to stop brute force attacks is to lock out the WordPress account after a defined number of failed authorization attempts (there are various brute force plugins that do this). 84 82 The problem with this approach is that the site administrator ends up with unhappy users who have been locked out, often needing manual intervention to regain access. This is not sustainable or desirable for sites of any size. 
85 83 86 The modern approach to brute force prevention is to track the devices that genuine users use to log in, ensuring they are always treated kindly 87 if they forget their password. Unrecognized devices face a progressive but temporary timed lockout. 84 The modern approach to brute force prevention is to track the devices that genuine users use to log in, ensuring they are always treated kindly if they forget their password. Unrecognized devices face a progressive but temporary timed lockout. 88 85 89 86 = Stop Brute Force Attacks =
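Review bot: in tags/2.2.3/README.txt the paragraph at new lines 81-82 ("A common way to stop brute force attacks ..." followed by "The problem with this approach ...") is still split across two lines, while this change joins every other wrapped paragraph in the hunk (new lines 75, 79 and 84). If the aim is one line per paragraph, join 81 and 82 as well so the section is consistent.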
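Review bot: in trunk/README.txt, new line 84 is rewritten only to remove the wrap, but "ensuring they are always treated kindly if they forget their password" still does not say what happens when a recognized device fails a login. Since the line is being touched anyway, state that behaviour in the same concrete terms the next sentence uses for unrecognized devices ("a progressive but temporary timed lockout"). The same wording is carried in tags/2.2.3/README.txt.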