How to Stop Brute Force Attacks on Windows Server
If your Windows Server is connected to the internet, especially using Remote Desktop (RDP), then attackers are already trying to break into it.
A brute force attack means someone keeps trying different passwords again and again until they find the correct one. Attackers automate this with tools, so the guessing never gets tired.
What Is a Brute Force Attack?
A brute force attack is like someone standing at your door and trying thousands of keys until one works.

On Windows Server:
Hackers try to log in using RDP
They guess passwords again and again
They mostly target the Administrator account
They never stop unless they are blocked
If they succeed, they can:
Steal data
Delete files
Install malware or ransomware
Lock you out of your own server
Step 1: Change the Default RDP Port
By default, RDP works on port 3389. Hackers already know this.
What to do:
Change the RDP port to a random high number (example: 45218)
Why this helps:
Most automated attacks scan only port 3389
Changing the port hides your server from these basic attacks
Note: a full port scan will still find the new port, so treat this as a small extra layer, not as a real defence on its own.
Step 2: Lock the Account After a Few Wrong Passwords
This is one of the best protections. It is set in the Account Lockout Policy (Local Security Policy or Group Policy).
Set rules like:
Lock the account after 3 or 5 wrong attempts
Unlock after 30 minutes
What happens:
The hacker tries passwords
The account gets locked
The attack stops automatically
Think of it like an ATM card block after wrong PIN attempts.
Step 3: Allow RDP Only From Your IP Address
If you know where you connect from (office, home, VPN), then allow only those IPs.
What to do:
Block RDP access from the whole internet
Allow only your own IP address(es) in the Windows Firewall rule for RDP
Result:
Hackers cannot even see your login screen
Even a correct password will not work for them
This step alone can stop almost all attacks.
Step 4: Turn On Network Level Authentication (NLA)
NLA checks the username and password before the full RDP session and its login screen are opened.
Why this is good:
Hackers can't flood login screens
The server uses fewer resources
Attacks become harder
Step 5: Use Strong Passwords & Rename Administrator
A strong password means:
A long password (12+ characters)
A mix of letters, numbers and symbols
No easy words like admin123
Extra safety:
Rename the Administrator account
Create a new admin user with a different name
Hackers always try Administrator first.
Step 6: Use VPN for RDP (Best Security)
The best method is:
Do not open RDP to the internet
Connect to the server using a VPN
Use RDP only after the VPN login
Benefits:
RDP is hidden completely
No brute force attacks
Very secure
Step 7: Use Automatic Protection Software
There are tools that:
Detect login attacks
Automatically block the attacking IPs
Popular tools:
RdpGuard
Server antivirus with brute force protection
Once installed, they work silently in the background.
Step 8: Check Login Logs Sometimes
You don't need to check daily, but sometimes look at:
Failed login attempts
Unknown IP addresses
Account lockout warnings
If you see hundreds of failed attempts, an attack is happening.
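The log check described in this step, as an added example that is not part of the original article: a PowerShell script that reads failed logons (Event ID 4625) and account lockouts (Event ID 4740) from the Security log for the last 24 hours and groups the failures by source IP. The 24-hour window and the threshold of 100 failures per IP are assumed values you can change.

```powershell
# Added example: summarise failed logons (4625) and account lockouts (4740)
# from the Security log. Run in an elevated PowerShell session on the server.
# Window and threshold below are assumptions; tune them for your environment.
$Since     = (Get-Date).AddHours(-24)
$Threshold = 100

# Each 4625 event carries the tried account name, the source IP and the
# logon type in its EventData; pull those fields out of the event XML.
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $Since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            Account   = $data['TargetUserName']
            SourceIp  = $data['IpAddress']
            LogonType = $data['LogonType']   # 10 = RemoteInteractive (RDP), 3 = Network (NLA pre-auth)
        }
    }

Write-Host "Failed logons since $Since : $($failed.Count)"

# Many failures from a single address is the brute force signature;
# show the top sources and which accounts they tried.
$failed |
    Where-Object { $_.SourceIp -and $_.SourceIp -ne '-' } |
    Group-Object SourceIp |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name,
        @{ n = 'Accounts'; e = { ($_.Group.Account | Sort-Object -Unique) -join ',' } } |
    Format-Table -AutoSize

# Warn on any source that crossed the threshold (candidate for a firewall block).
$failed | Group-Object SourceIp | Where-Object { $_.Count -ge $Threshold } | ForEach-Object {
    Write-Warning "Possible brute force: $($_.Count) failures from $($_.Name)"
}

# Lockouts (4740) show the Step 2 lockout policy doing its job.
$locked = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740; StartTime = $Since } -ErrorAction SilentlyContinue
Write-Host "Accounts locked out since $Since : $($locked.Count)"
```

Failed-logon auditing must be enabled (it is by default on most server editions); if no 4625 events appear, check the "Audit Logon" setting in the audit policy.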
Step 9: Enable Two-Step Login (2FA)
If possible:
Add an OTP or mobile approval step to the RDP login
Even if the password is stolen:
The hacker still cannot log in