Sounds nasty! This is remote computers bombarding websites with user names and passwords to try and log in. It is a constant issue. This is why you need details that are hard to crack. Passwords should be long, contain upper and lower case and special characters.
6 ways to block Brute force attacks
Increase password length
Passwords under 7 letters can be cracked in seconds – a password over 10 letters/numbers/cases can take weeks.
Increase password complexity
Always use upper and lower case, special characters, and make each password unique.
Limit log in attempts
This limits attempts by scammers , and especially if lock out times increase exponentially
Implement captcha
Add these on all forms to block bots, can be annoying to user but are really necessary
Use two factor authentication (2FA)
So even if an attacker cracks the password, they would have to have access to your smartphone or email client.
Make complex log in user names
Avoid user names such as “admin” or the website title – far too obvious.