What brute force attacks are

A brute force attack is when attackers repeatedly try different username and password combinations to break into a website.

How brute force attacks work

Automated bots try common usernames and passwords against WordPress login pages. They may repeat attempts quickly from one IP address or slowly from many IP addresses.

Why WordPress is targeted

WordPress is popular, so attackers often scan the internet for login pages and weak credentials.

How Host Luma helps reduce risk

Login attempts can be monitored.

Suspicious IP addresses can be blocked.

Rate limiting can reduce repeated attempts.

Security tools can flag unusual behaviour.

How customers can help

Use strong unique passwords.

Do not use admin as a username if avoidable.

Do not reuse passwords from other websites.

Remove unused administrator accounts.

Contact support if you see unusual login emails or lockouts.

Signs of brute force activity

Repeated failed login notifications.

Temporary lockouts.

Security plugin warnings.

Unusual traffic to wp-login.php.

Important notes

Strong passwords are one of the simplest and most effective protections against brute force attacks.

Need help?

If you are unsure about any step, contact Host Luma support before making changes. We can help check the correct settings and guide you through the process.