A hacker is using a brute force program on my website trying to steal my users accounts. He managed to do so because some of them used a very simple passwords like 123456. My question is : What is the best way to prevent or stop that program from keep guessing the passwords? Or how to stop that attack?
I'm using PHP scripting my website and the login form is in the homepage.