Definition: Brute Force Attack

A brute force attack is an attempt to crack a password or username, find a hidden web page, or find the key used to encrypt a message by trial and error, in the hope of eventually guessing correctly. This is an old attack method, but it’s often still effective and popular with hackers.

Depending on the length and complexity of the password, cracking it can take anywhere from a few seconds to many years. In fact, IBM reports that some hackers target the same systems every day for months and sometimes even years.

Guessing a password for a particular user or site can take a long time, so hackers developed tools to do the job faster.

Dictionaries are the most basic tool. Some hackers run through unabridged dictionaries and augment words with special characters and numerals or use special dictionaries of words, but this type of sequential attack is cumbersome.

In a standard attack, a hacker chooses a target and runs possible passwords against that username. This is known as a dictionary attack.

Strong passwords are an important defense. One of the security plugins installed on your web site checks your passwords against a database of usernames/email addresses and passwords that have been exposed in breaches (and are therefore available to hackers) and rejects any attempt to set them as your new password. Tools that recognize when multiple login attempts are being made and block the abuser’s attempts are also used.
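The two defenses described above, as an added example that is not code from any plugin mentioned on this page: a breached-password check applied when a password is set, and a sliding-window block on repeated failed logins. The thresholds, the function and class names, and the sample passwords and events are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict, deque

# Constructed stand-in for a breach corpus: digests of exposed passwords.
# The digest is only a lookup key here, not a password-storage scheme.
BREACHED = {hashlib.sha256(p.encode()).hexdigest()
            for p in ("password1", "letmein", "Summer2024!")}

def is_breached(candidate):
    """True if the proposed new password appears in the breached set."""
    return hashlib.sha256(candidate.encode()).hexdigest() in BREACHED

class LoginThrottle:
    """Block a source after max_failures failed logins within window seconds."""

    def __init__(self, max_failures=5, window=60, block_for=300):
        self.max_failures, self.window, self.block_for = max_failures, window, block_for
        self.failures = defaultdict(deque)  # source -> times of recent failures
        self.blocked_until = {}             # source -> time the block expires

    def record(self, source, success, now):
        """Record one attempt; return 'blocked', 'ok' or 'failed'."""
        if now < self.blocked_until.get(source, 0):
            return "blocked"                # refused even if the password is right
        if success:
            return "ok"                     # failures still expire only by age
        recent = self.failures[source]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.blocked_until[source] = now + self.block_for
            recent.clear()
        return "failed"

# Constructed events: (seconds, source address, password was correct).
EVENTS = [(t, "203.0.113.7", False) for t in range(0, 12, 2)] + [
    (20, "198.51.100.4", False), (25, "198.51.100.4", True),
    (30, "203.0.113.7", True), (400, "203.0.113.7", True)]

def replay(events, throttle):
    """Feed time-ordered events to the throttle and collect its decisions."""
    return [throttle.record(src, ok, t) for t, src, ok in events]

if __name__ == "__main__":
    print(replay(EVENTS, LoginThrottle()))
```

In the sample, the fifth failure from 203.0.113.7 triggers the block, so its sixth attempt and a later correct login at 30 seconds are refused, while the other address is unaffected.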

