WordPress glossary

Brute Force Attack

An attacker trying thousands of password guesses against your WordPress login page.

Last updated 27 June 2026 · Reviewed by Ali Hassan

Brute force attacks hit /wp-login.php and the xmlrpc endpoint with credential lists harvested from data breaches. They are constant background noise on every WordPress site. Login limits, 2FA, and unique admin usernames block them.

Related terms

Two Factor Authentication (2FA)
A login method that requires both a password and a one time code, blocking 99% of stolen password attacks.
Hardening
A set of changes that make a WordPress site harder to attack: file permissions, login limits, security headers, and more.

Need this fixed, not just defined?

We have shipped hundreds of fixes for exactly this kind of issue. Book a 20 minute call and we will tell you straight whether it is a quick fix or a bigger root cause.

Book a 20 minute call +92 346 600 8404

Two Factor Authentication (2FA)Japanese SEO Hack

Call Book a call