Stop using complicated passwords that you can’t remember very well. Use a series of random words instead. They are much harder for programs to break.
What is a brute force attack?
A brute force attack is a program trying to log in to a site over and over again using different username and password combinations.
A brute force attack can target any domain name, including financial institutions, social networks, free email services like Google, Hotmail and Yahoo, credit card companies, etc.
Financial institutions have already tightened their security against these attacks by requiring a 2-step verification process (logging in and entering an access code which has been sent to your mobile phone).
The easiest way to defeat these attempts is to (1) not use a common username and (2) use a good pass-phrase (not a password).
What is the difference between a pass-phrase and a password?
A pass-phrase is more than one word, with the words separated by spaces. A password is a series of both alpha and non-alpha characters without a space between them.
Why are difficult passwords easy to break?
How easy a username and password combination is to crack comes down to mathematics, not to which combination of numbers, letters, and special characters you use.
Below is a depiction of why any password (even ones with capitals and numbers) is easier for a computer to crack than a series of random words.
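The mathematics mentioned above, worked through as an added example that is not part of the original article: the search space is the number of equally likely choices per position raised to the number of positions, and that only holds when every position is picked at random. The sample word list, the 94-character alphabet and the 7776-word list size (the size of the common Diceware lists) are assumptions for illustration.

```python
import math
import secrets

# Constructed sample list for the demo only; a real list should hold thousands of words.
DEMO_WORDS = ["orbit", "velvet", "cactus", "lantern", "pebble", "harbor", "mitten", "walnut"]


def entropy_bits(choices: int, length: int) -> float:
    """Bits of entropy when each of `length` symbols is drawn uniformly from `choices` options."""
    return length * math.log2(choices)


def make_passphrase(words: list[str], count: int) -> str:
    """Pick `count` words with the OS CSPRNG; words a person picks are not random."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates, so its entropy would be overstated")
    return " ".join(secrets.choice(words) for _ in range(count))


def words_needed(target_bits: float, list_size: int) -> int:
    """Smallest number of random words whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


def average_guesses(bits: float) -> float:
    """On average a brute force attack succeeds after trying half the search space."""
    return 2 ** bits / 2


if __name__ == "__main__":
    # Assumption: 8 characters, each drawn at random from 94 printable ASCII symbols.
    password_bits = entropy_bits(94, 8)
    print(f"8 random characters: {password_bits:.1f} bits, "
          f"{average_guesses(password_bits):.2e} guesses on average")
    # Assumption: a 7776-word list.
    for count in (4, 5, 6):
        bits = entropy_bits(7776, count)
        print(f"{count} random words:     {bits:.1f} bits, "
              f"{average_guesses(bits):.2e} guesses on average")
    print("words needed to match the password:", words_needed(password_bits, 7776))
    # The demo list has only 8 words (3 bits each), so this phrase shows the format, not real strength.
    print("sample phrase:", make_passphrase(DEMO_WORDS, 5))
```

Each additional random word from a 7776-word list adds about 12.9 bits, while each additional random character adds about 6.6 bits.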

Can I use pass-phrases on any site?
It depends on the site.
Most financial institutions and large services such as Facebook and Google have moved to both (1) allowing spaces in their passwords and (2) allowing more than 8 characters in a password.
The latest versions of WordPress allow pass-phrases.
How can I make my WordPress site more secure?
There are several things you can do to reduce your risk of getting your site hacked.
- Install a plug-in to limit the number of wrong password attempts per hour for a particular username or from a particular IP address.
- Maintain your site by making backups often and installing updates as they become available.
- Use pass-phrases for all your user accounts. You can install a plug-in that requires a certain password strength when a person changes their password or sets up an account.
- If you have a username “admin”, change it. If you are technical enough, you can go into the database and change it in the user table. You can also use a plug-in like WP Better Security to change it for you.