Sounds nasty! This is remote computers bombarding websites with user names and passwords to try and log in. It is a constant issue. This is why you need details that are hard to crack. Passwords should be long, contain upper and lower case and special characters. 

6 ways to block Brute force attacks

Increase password length

Passwords under 7 letters can be cracked in seconds – a password over 10 letters/numbers/cases can take weeks.

Increase password complexity

Always use upper and lower case, special characters, and make each password unique.

Limit log in attempts

This limits attempts by scammers , and especially if lock out times increase exponentially

Implement captcha

Add these on all forms to block bots, can be annoying to user but are really necessary

Use two factor authentication (2FA)

So even if an attacker cracks the password, they would have to have access to your smartphone or email client.

Make complex log in user names

Avoid user names such as “admin” or the website title – far too obvious.