Major Increase in Brute Force Attacks on WordPress

It’s quite common to experience brute force attacks at this time of year. Anywhere from November to December you may notice a huge increase in brute force attacks on your WordPress site. This year is no different.

Let’s start by explaining what brute force attacks are.

A brute force attack is a very common attack especially common among popular CMS platforms including WordPress and Joomla. These attacks are an attempt by the hacker to guess your username and password. A hacker will use software that will automatically attempt to sign into your site using very common usernames, passwords, and keywords from your domain ranging from up to hundreds of times in just a few minutes. So what do you do?

Protect your website from attacks.

• Make sure that you have a very strong password. Enforce a strong password of all users on your site.
• Use a captcha or some form of user authentication on your user login
• Use a plugin like Wordfence or Sucuri. Both of these provide a free version of the plugin which will be enough to protect from a brute force attack.
• Disable your /wp-admin and /wp-login urls and create a custom login url.

Where are these attacks coming from?

Wordfence is reporting that most of these attacks come from 8 IP addresses in Ukraine. The IP addresses all belong to an orginization on the same network called “Pp Sks-lugan”. For a more details look into what Wordfence has found you can read all about it on their resent post here.

Protect from all attacks.

There are sure to be many more attacks this season. Make sure that your site is secure using these tips to avoid headache and lost time. Keep in mind to update your WordPress CMS, themes, and plugins. If you have any questions please leave a comment or contact us here. We are available to assist in any security needs. Have a great holiday!