How to Protect Your Joomla Website From Brute Force Attacks

You know you need strong passwords, right? Did you ever really wonder why? I mean surely no one's going to guess your password. Are they?

Think again. Your Joomla admin area is probably under attack right now. Try this quick exercise:

  1. Access your FTP client and open your site
  2. Navigate to public_html/logs/
  3. Download  error.php to your computer. It may be quite large.
  4. Open it in a text editor

How many lines like this do you see?

2015-06-08 19:18:23 INFO 123.456.78.90 Joomla FAILURE: Username and password do not match or you do not have an account yet.

That's a failed login. The more popular a site is the more it gets targeted. The most popular site I worked on was logging over 100,000 failed logins each month until I put measures in place to block them.

So, what is a Brute Force attack?

Brute Force is a method of attacking a website by systematically bombarding the login page with username and password combinations until a successful login occurs. It's very simple and extremely common because hackers know users are lazy.

Can you believe the most popular password in the world is 'password'? Followed by passwords like "123123", "asdfasdf" or common words like "basketball" and "monkeys". See Splashdata.

These scripts run constantly, completely automated, day and night. When a successful login occurs the hacker gets a notification and your site will soon be compromised.

If you have a really good password, there is still the issue of all the extra traffic and bandwidth these attacks consume.

How do I counter brute force attacks on my Joomla site?

Firstly, always use a different login and password combination and use a combination of lowercase, uppercase, numbers, letters and symbols.

Stopping the attacks is usually as simple as configuring and extension like Akeeba Admin Tools,  Admin Exile, or Brute Force Stop.

Joomla staff recently wrote an article on The Importance of Using a Strong Username and Password which provides some great methods of creating super strong passwords that are also easy to remember.

John PitchersSince 2005, I've supported my family working from home building Joomla sites for paying clients.

If you're a first-time Joomla user, or building a freelance career of your own, I'm sharing everything I've learned one post at a time.

“My mission is to help you become the best Joomler you can be. Are you ready?


My Awesome Joomla Website