This is based on an email we sent to our customers. It generated a lot of interest so we thought we’d expand on it here.
Stack Protect is a security tool from 20i that protects website passwords.
One of the most common and easiest ways to compromise a website is to guess the password used to log in to its content management system (CMS): for example, at /wp-admin for WordPress.
Malware will use trial-and-error to try to guess your password.
It might start by cycling through variants of the most common passwords. This is known as a ‘dictionary attack’: the code cycles through all the words in a ‘password dictionary’, made up of common words and passwords that have already been used elsewhere.
It’s why you should use a unique, secure password: one that is truly random. Such passwords are difficult to remember – unfortunately – but there are password managers that can help with this.
Then there is the traditional brute force attack, where the code tries every character combination in sequence.
How Stack Protect protects your password
Stack Protect monitors requests to common login pages. When a request is made, it looks at a number of things:
- Publicly blacklisted domains and IPs
- Unusual geographic location (from the IP address)
- Previous login attempts from that host
- Number of login attempts, and how many websites they’ve tried to access
- Failed logins and previous firewall rule breaking
If these criteria are matched, a Google reCAPTCHA splash page is presented.
This stops the brute force script in its tracks.
The splash page is served before any of the CMS’s code is executed. It takes place on physically isolated servers, so that malware can’t access the core data for your site.
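To make the checks listed above concrete, here is a small sketch of per-host scoring over login requests. It is an added example, not 20i's code: the log format, thresholds, blocklist entry, sample lines and function names are all assumptions, and the geographic and firewall-history checks are left out.

```python
import re
from collections import defaultdict

LOGIN_PATHS = ("/wp-login.php", "/wp-admin")  # assumed "common login pages"
BLOCKLIST = {"198.51.100.23"}                 # constructed stand-in for a public blocklist
MAX_FAILED = 5                                # assumed threshold: failed logins per host
MAX_SITES = 3                                 # assumed threshold: distinct sites per host
LINE_RE = re.compile(
    r'^(?P<site>\S+) (?P<ip>\S+) "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})$'
)

SAMPLE_LOG = [  # constructed lines: site, client IP, request, status
    *(['a.example 203.0.113.7 "POST /wp-login.php HTTP/1.1" 200'] * 6),
    'a.example 192.0.2.44 "POST /wp-login.php HTTP/1.1" 200',
    'b.example 192.0.2.44 "POST /wp-login.php HTTP/1.1" 200',
    'c.example 192.0.2.44 "POST /wp-login.php HTTP/1.1" 200',
    'a.example 192.0.2.10 "POST /wp-login.php HTTP/1.1" 200',
    'a.example 192.0.2.10 "POST /wp-login.php HTTP/1.1" 302',
    'a.example 192.0.2.10 "GET /wp-login.php HTTP/1.1" 200',
]

def build_history(log_lines):
    """Tally login POSTs per client IP: attempts, failures, distinct sites."""
    history = defaultdict(lambda: {"attempts": 0, "failed": 0, "sites": set()})
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue  # only credential submissions count as login attempts
        if not m["path"].split("?", 1)[0].startswith(LOGIN_PATHS):
            continue
        h = history[m["ip"]]
        h["attempts"] += 1
        h["sites"].add(m["site"])
        # Simplification: WordPress redirects (302) on success, re-renders the form (200) on failure.
        if m["status"] != "302":
            h["failed"] += 1
    return history

def decide(ip, history):
    """Return ('challenge', reasons) when any criterion matches, else ('allow', [])."""
    reasons = []
    if ip in BLOCKLIST:
        reasons.append("blocklisted")
    h = history.get(ip)  # .get() avoids creating an entry for unseen hosts
    if h and h["failed"] >= MAX_FAILED:
        reasons.append("failed_logins")
    if h and len(h["sites"]) >= MAX_SITES:
        reasons.append("many_sites")
    return ("challenge" if reasons else "allow"), reasons
```

A host that mistypes a password once and then logs in stays under both thresholds, so only the repeated-failure and multi-site patterns are sent to the challenge page.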
Attempts like this happen very, very often. For example, in the first 3 weeks of August 2018, we had between 2.25 million and 5.5 million attempts – every day!
It’s just one of the ways that we help keep you secure.
Sadly, there are data breaches every day and no one can promise to keep you 100% secure. Even so, there are plenty of other ways that you can limit your exposure to harm from cybercriminals. We recommend using multi-factor authentication, physical security tokens and/or biometric methods (like fingerprints and retina scans) where possible.