{"id":18805,"date":"2026-03-17T10:29:03","date_gmt":"2026-03-17T10:29:03","guid":{"rendered":"https:\/\/www.20i.com\/blog\/?p=18805"},"modified":"2026-04-16T13:34:32","modified_gmt":"2026-04-16T12:34:32","slug":"password-attacks-how-to-defend-against-them","status":"publish","type":"post","link":"https:\/\/www.20i.com\/blog\/password-attacks-how-to-defend-against-them\/","title":{"rendered":"Password Attacks: How They Work\u00a0and How to Defend Against Them\u00a0\u00a0"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Password attacks&nbsp;remain&nbsp;one of the most common causes of compromised hosting accounts.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Despite advances in server-side&nbsp;security, firewalls, and malware detection, attackers&nbsp;frequently&nbsp;bypass these simply by logging in with&nbsp;stolen&nbsp;user&nbsp;credentials.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For website owners, this can&nbsp;result&nbsp;in&nbsp;the website being defaced, injected with&nbsp;malware&nbsp;or used for phishing attacks.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For resellers, it can mean multiple customer accounts compromised at once&nbsp;and&nbsp;damage&nbsp;to intellectual property and your brands&nbsp;reputation.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Once an&nbsp;account is compromised, further attacks&nbsp;can&nbsp;follow, such as&nbsp;<a href=\"https:\/\/www.20i.com\/blog\/how-to-protect-your-websites-from-dns-poisoning-spoofing-hijacking-attacks\/\" target=\"_blank\" rel=\"noreferrer noopener\">DNS Poisoning<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/www.20i.com\/blog\/cross-site-scripting-how-to-protect-your-website\/\" target=\"_blank\" rel=\"noreferrer noopener\">Persistent XSS<\/a>.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In this&nbsp;post,&nbsp;we&#8217;ll&nbsp;explore&nbsp;password attacks&nbsp;and how to defend against them.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why Password Attacks Are So Effective in Hosting Environments&nbsp;<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Hosting platforms expose multiple authentication points by design&nbsp;such as control panels,&nbsp;CMS admin interfaces (e.g. WordPress&nbsp;admin),&nbsp;FTP\/SFTP services&nbsp;and webmail&nbsp;portals.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Attackers do not need to find a software vulnerability&nbsp;as seen in \u2018traditional\u2019 hacking methods&nbsp;if they can&nbsp;log in with credentials.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Most password attacks are&nbsp;automated, continuous, and opportunistic, scanning the internet for weak credentials at scale.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Common Types of Password Attacks&nbsp;<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Brute-Force Attacks&nbsp;<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">A brute-force attack&nbsp;comprises&nbsp;of an attacker or bot&nbsp;attempting&nbsp;large numbers of password combinations against an authentication point.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Modern attacks are&nbsp;fully automated&nbsp;to maximise attempts in a short window&nbsp;and distributed across many IP addresses&nbsp;to&nbsp;avoid detection.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Attackers rely on probability;&nbsp;short passwords with limited character&nbsp;variation&nbsp;or commonly used passwords&nbsp;dramatically reduces&nbsp;the number of guesses&nbsp;required.&nbsp;<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Mitigation&nbsp;<\/h5>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Long, complex &amp; unique&nbsp;passwords&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Login rate limiting,&nbsp;temporary bans&nbsp;and lockouts&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CAPTCHA or challenge-response mechanisms&nbsp;(<a href=\"https:\/\/www.20i.com\/blog\/protecting-password\/\" target=\"_blank\" rel=\"noreferrer noopener\">StackProtect<\/a>)&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>MFA\/2FA&nbsp;(Multi-Factor Authentication\/Two-Factor Authentication)&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Dictionary Attacks&nbsp;<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Dictionary attacks improve efficiency by replacing random guesses with&nbsp;curated password lists.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">These lists are&nbsp;frequently&nbsp;updated with the latest common password trends, usually seen in&nbsp;past&nbsp;data breaches.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">&nbsp;These lists&nbsp;contain:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/nordpass.com\/most-common-passwords-list\/\" target=\"_blank\" rel=\"noreferrer noopener\">Common passwords<\/a>&nbsp;(Pa55w0rd, Summer2021! etc)&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Variations of&nbsp;common words&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Real passwords from&nbsp;<a href=\"https:\/\/ico.org.uk\/about-the-ico\/media-centre\/news-and-blogs\/2025\/12\/password-manager-provider-fined\/\" target=\"_blank\" rel=\"noreferrer noopener\">historic breaches<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Attack tools apply transformations (capitalisation, suffixes, special characters) to maximise success.&nbsp;Applying minimal changes to a password (e.g.&nbsp;Password123 to Pa55w0rd123!) will have&nbsp;little effect&nbsp;in mitigating this attack vector.&nbsp;<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Mitigation&nbsp;<\/h5>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enforce minimum length over complexity rules&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Block known-breached passwords&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Educate users on passphrases&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>MFA\/2FA&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Credential Stuffing&nbsp;<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Credential stuffing uses&nbsp;real username\/password pairs&nbsp;obtained from third-party breaches.&nbsp;Often, these are leaked from an external service and published on the dark web for illicit actors to abuse.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Due to this, even&nbsp;the&nbsp;strongest&nbsp;passwords fail if reused&nbsp;and&nbsp;because&nbsp;only&nbsp;a single login is&nbsp;attempted,&nbsp;brute-force&nbsp;prevention methods fail.&nbsp;<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Mitigation&nbsp;<\/h5>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Unique passwords per&nbsp;account&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>MFA\/2FA&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Access Control Lists (ACL)&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Forced password resets after breach exposure&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Password Spraying&nbsp;<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Instead of attacking one account repeatedly, attackers&nbsp;will choose one or two common passwords&nbsp;and&nbsp;attempt&nbsp;them across many accounts. This is&nbsp;particularly&nbsp;affective against mailboxes and allows the attempts to stay below lockout thresholds, being more inconspicuous than brute-force attacks.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This is particularly effective where shared password habits&nbsp;and weak enforcement of password uniqueness&nbsp;is present.&nbsp;<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Mitigation&nbsp;<\/h5>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Detect failed attempts across accounts&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enforce&nbsp;<a href=\"https:\/\/www.thecyberhelpline.com\/helpline-blog\/2024\/5\/2\/world-password-day-tips-for-strong-passwords-amp-protecting-your-accounts?gad_source=1&amp;gad_campaignid=23300768152&amp;gbraid=0AAAAAok-vmxgHUvrUJ5XsTV-zNxHxf-kZ&amp;gclid=CjwKCAiAnoXNBhAZEiwAnItcG5WVCKd0_Z4sL9LWcozUlEO9wWWuwmMhj7rAdUwVTJoRqPF4pn2JZxoC7QQQAvD_BwE\" target=\"_blank\" rel=\"noreferrer noopener\">strong password policies<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>MFA\/2FA&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Monitoring at the platform level&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Phishing Attacks&nbsp;<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.20i.com\/blog\/how-to-protect-yourself-from-phishing-and-email-spoofing\/\" target=\"_blank\" rel=\"noreferrer noopener\">Phishing<\/a>&nbsp;bypasses technical security by exploiting user trust&nbsp;and gaining legitimate credentials through coercion or&nbsp;social&nbsp;engineering.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Steps typically involve&nbsp;an attacker curating a fake login page that looks and acts identical to the legitimate target. They will then send out&nbsp;phishing emails to victims&nbsp;en&nbsp;masse&nbsp;to&nbsp;trick users into entering their credentials into the illicit site.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The illicit website sends the credentials to the attacker, who will then use them to log into the legitimate site. Email and password combinations will also be used across different services to chance the victim reusing credentials.&nbsp;<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Mitigation&nbsp;<\/h5>\n\n\n\n<ul class=\"wp-block-list\">\n<li>User awareness and&nbsp;<a href=\"https:\/\/docs.20i.com\/my-services\/how-can-i-identify-a-20i-phishing-email\" target=\"_blank\" rel=\"noreferrer noopener\">training&nbsp;on phishing<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Email authentication (<a href=\"https:\/\/www.20i.com\/blog\/spf-records-demystified\/\" target=\"_blank\" rel=\"noreferrer noopener\">SPF<\/a>,&nbsp;<a href=\"https:\/\/www.20i.com\/blog\/dkim-demystified\/\" target=\"_blank\" rel=\"noreferrer noopener\">DKIM<\/a>,&nbsp;<a href=\"https:\/\/www.20i.com\/blog\/dmarc-secure-email\/\" target=\"_blank\" rel=\"noreferrer noopener\">DMARC<\/a>)&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>MFA (prevents reuse of stolen credentials)&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Domain and certificate verification habits&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Malware-Based Credential Theft&nbsp;<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Malware&nbsp;is&nbsp;installed on a user\u2019s device&nbsp;through phishing or other means. Typical malware will&nbsp;record&nbsp;keystrokes, steal&nbsp;saved browser passwords&nbsp;and hijack authenticated sessions. Credentials are captured&nbsp;before&nbsp;encryption or hashing&nbsp;takes&nbsp;place.&nbsp;<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Mitigation&nbsp;<\/h5>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Endpoint security and patching&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>MFA\/2FA&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Limit credential reuse across environments&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Hash-Based Attacks&nbsp;<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">If attackers obtain a password database, the passwords are usually in a hashed form and useless.&nbsp;Cryptographic hashes&nbsp;are designed to be a one-way function, meaning there is no way to reverse a hash back into its plaintext, usable&nbsp;form.&nbsp;Hashing alone always generates the same hash value for a specific password.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Instead, attackers will utilise rainbow tables, which are large&nbsp;databases&nbsp;containing&nbsp;passwords and their known hash values.&nbsp;They will then&nbsp;compare hashes against their known values&nbsp;and use the plaintext password to access accounts. Alternatively, attackers can&nbsp;use passwords to generate hashes on the fly&nbsp;and compare the hashed values to the stolen password hashes.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">With advancements&nbsp;in technology, tools can crack password&nbsp;hashes&nbsp;at faster rates each year.&nbsp;It is impossible to provide consistent&nbsp;times for each password due to variables like what hashing algorithm or hardware is used.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The below table gives&nbsp;a rough idea&nbsp;of just how easy it can be.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1201\" height=\"1107\" src=\"https:\/\/www.20i.com\/blog\/wp-content\/uploads\/2026\/03\/pw-attacks-inner.png\" alt=\"rainbow table showing how easy hash attacks can be\" class=\"wp-image-18809\" srcset=\"https:\/\/www.20i.com\/blog\/wp-content\/uploads\/2026\/03\/pw-attacks-inner.png 1201w, https:\/\/www.20i.com\/blog\/wp-content\/smush-webp\/2026\/03\/pw-attacks-inner-300x277.png.webp 300w, https:\/\/www.20i.com\/blog\/wp-content\/smush-webp\/2026\/03\/pw-attacks-inner-768x708.png.webp 768w, https:\/\/www.20i.com\/blog\/wp-content\/smush-webp\/2026\/03\/pw-attacks-inner-400x369.png.webp 400w, https:\/\/www.20i.com\/blog\/wp-content\/smush-webp\/2026\/03\/pw-attacks-inner-800x737.png.webp 800w, https:\/\/www.20i.com\/blog\/wp-content\/smush-webp\/2026\/03\/pw-attacks-inner-832x767.png.webp 832w, https:\/\/www.20i.com\/blog\/wp-content\/smush-webp\/2026\/03\/pw-attacks-inner-150x138.png.webp 150w\" sizes=\"auto, (max-width: 1201px) 100vw, 1201px\" \/><\/figure>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Mitigation<\/strong>&nbsp;<\/h5>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Slow, adaptive password hashing algorithms, such as&nbsp;<a href=\"https:\/\/auth0.com\/blog\/hashing-in-action-understanding-bcrypt\/\" target=\"_blank\" rel=\"noreferrer noopener\">Bcrypt<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Salting&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Strong password policies&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>MFA\/2FA&nbsp;<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Salting&nbsp;is the process of adding unique random values to a password before hashing. This changes the resulting hash even if two users choose an identical password.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">With salting, identical passwords produce different hashes, which&nbsp;renders&nbsp;precomputed rainbow tables become useless. Attackers would need a separate table for each salt&nbsp;value which is unfeasible in most cases.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Tracking&nbsp;Compromised&nbsp;Data&nbsp;<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Monitoring services\u00a0that scan breach databases for stolen content\u00a0are available\u00a0online, such as\u00a0<a href=\"https:\/\/haveibeenpwned.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Have I Been Pwned?<\/a>.\u00a0<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This service collects and analyses thousands of database dumps&nbsp;containing&nbsp;leaked account information and allows users to search for their own information by entering their email address.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Reports include the company that leaked the data, what data was leaked and the date of the incident.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why MFA Changes the Threat Landscape&nbsp;<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Multi-factor authentication introduces a second requirement&nbsp;that adds an extra layer of security to accounts. This is often&nbsp;categorised&nbsp;as something you have (authenticator app, hardware token)&nbsp;or something you are (biometrics).&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This means&nbsp;stolen passwords alone are insufficient, automated attacks fail at the second step&nbsp;and credential reuse becomes&nbsp;irrelevant.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For resellers, MFA can be the difference between&nbsp;one compromised login&nbsp;and&nbsp;dozens of affected customers.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/docs.20i.com\/my-services\/two-factor-authentication-my20i\" target=\"_blank\" rel=\"noreferrer noopener\">Condisder enabling MFA\/2FA on your account today.<\/a>&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Special Considerations for Resellers&nbsp;&amp; Agencies&nbsp;<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Reseller accounts&nbsp;represent&nbsp;a higher-value target because they often&nbsp;control multiple hosting environments, have elevated privileges&nbsp;and are reused across internal systems.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Best practices include:&nbsp;<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>MFA on all reseller and admin-level accounts&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>Strict application of the principle of least privilege&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>Separate credentials per service&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li>Regular access reviews and audits&nbsp;<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Final Thoughts&nbsp;<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Password attacks are&nbsp;constant,&nbsp;automated&nbsp;and relentless&nbsp;with&nbsp;compromises&nbsp;occurring&nbsp;through authentication, not software exploits. Regardless of how good server security is, password attacks are still a monumental threat.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Modern prevention relies on&nbsp;strong,&nbsp;complex&nbsp;and unique passwords coupled with MFA.&nbsp;Active measures like auditing and&nbsp;frequently&nbsp;updating passwords is imperative to keeping existing accounts secure.&nbsp;<\/p>\n\n\n<div class='code-block code-block-5' style='margin: 8px 0; clear: both;'>\n<hr>\n<br \/><a href=\"https:\/\/www.20i.com\/managed-cloud-servers\" target=\"_blank\"><img decoding=\"async\" src=\"https:\/\/www.20i.com\/blog\/wp-content\/uploads\/2026\/03\/Blog-Ad-MCS-1200x625-1.png\" loading=\"lazy\" alt=\"Managed Cloud Hosting\"><\/a><\/div>\n\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"Password attacks&nbsp;remain&nbsp;one of the most common causes of compromised hosting accounts.&nbsp;&nbsp; Despite advances in server-side&nbsp;security, firewalls, and malware&hellip;","protected":false},"author":34,"featured_media":18807,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"ub_ctt_via":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"csco_singular_sidebar":"","csco_page_header_type":"","csco_page_load_nextpost":"","footnotes":""},"categories":[288],"tags":[],"class_list":["post-18805","post","type-post","status-publish","format-standard","has-post-thumbnail","category-security","cs-entry"],"featured_image_src":"https:\/\/www.20i.com\/blog\/wp-content\/uploads\/2026\/03\/pw-attacks-no-title-scaled.png","author_info":{"display_name":"Arron C","author_link":"https:\/\/www.20i.com\/blog\/author\/arroncruse\/"},"_links":{"self":[{"href":"https:\/\/www.20i.com\/blog\/wp-json\/wp\/v2\/posts\/18805","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.20i.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.20i.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.20i.com\/blog\/wp-json\/wp\/v2\/users\/34"}],"replies":[{"embeddable":true,"href":"https:\/\/www.20i.com\/blog\/wp-json\/wp\/v2\/comments?post=18805"}],"version-history":[{"count":3,"href":"https:\/\/www.20i.com\/blog\/wp-json\/wp\/v2\/posts\/18805\/revisions"}],"predecessor-version":[{"id":18945,"href":"https:\/\/www.20i.com\/blog\/wp-json\/wp\/v2\/posts\/18805\/revisions\/18945"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.20i.com\/blog\/wp-json\/wp\/v2\/media\/18807"}],"wp:attachment":[{"href":"https:\/\/www.20i.com\/blog\/wp-json\/wp\/v2\/media?parent=18805"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.20i.com\/blog\/wp-json\/wp\/v2\/categories?post=18805"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.20i.com\/blog\/wp-json\/wp\/v2\/tags?post=18805"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}