Credential Stuffing
An automated attack using stolen username/password pairs from data breaches to access accounts.
How it works
An automated attack using stolen username/password pairs from data breaches to access accounts.
In WordPress
Different from brute force — uses real credentials from other breaches. Rate limiting and 2FA are the best defenses.
Related terms
WP HealthKit checks for Credential Stuffing-related vulnerabilities automatically
Run a Free Audit