Magento Tutorials

How to Stop Brute Force Attack in Magento 2

What is Brute Force Attack?

login form

Brute Force Attack is a hacking technique to break through a certain login form. The principle of Brute Force Attack is as simple as trial-and-error: Brute Force hackers use a program that automatically try plugging in values for username/password field, either one-by-one or parallel, with the hope of getting the right one. These values are taken out of available libraries of usernames/passwords that is formed by trying every possible combination of characters or data. These libraries are shared widely on the internet, sometimes even along with hacking tools.

How to prevent Brute Force Attack in Magento 2?

This simple type of hacking technique can be avoided by using these methods:

  1. Limit the number of login attempt
  2. Hide login link (Backend URL in Magento)
    backend login
  3. Use security password enforcement tool to require users to use strong passwords. In Magento 2, you are able to force users create highly secured passwords to avoid password-guessing using Password length, Minimum of different classes of characters in password (Lower Case, Upper Case, Digits, Special Characters), and so on.
  4. Limit the number of login on a single IP.
  5. Use captcha. Magento has its own library to include captcha in login form. You can also use popular captcha libraries like reCaptcha, Funcaptcha, solvemedia.
  6. Last but not least, always use complicated password and change your password regularly.

See also:
Magento 2 Error: One or more indexers are invalid
Catalog Price Rules not working in Magento 2

Is it helpful?


A knowledge craver who always strive to be wiser everyday.

Notify of
Inline Feedbacks
View all comments