Brute Force Attack Prevention for WordPress


With WordPress running almost one third of the world’s websites, hackers have found an amazing pool to work through.

What makes WordPress vulnerable?

Well, security breaches in WP themes and plugins could be one reason. Even a very small vulnerability found in a WordPress install can expose millions of websites.

If you check Sucuri Website, you can see only a small amount of the security problems reported daily.

43 percent of cyber attacks are aimed at small businesses – Symantec Report

Are you using WordPress?

Then, you definitely need to pay extra care on your business.

Don’t worry!

You don’t have to stop using your WP website. You only have to take a few steps ahead and start solving problems before they occur.

Prevention is the KEY!

What is a Brute Force Attack?

A Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in.

There are many ways to perform a brute force attack. The most common method is dictionary-based attacks.

In a brute force attack, automated software is used to generate a large number of consecutive guesses.

Or, it can use stolen databases with IDs and passwords.

Brute Force attack still happening?

Yes, it still happens.

The most recent big attack was on December 18th, 2017.

This was the most aggressive campaign we have seen to date, peaking at over 14 million attacks per hour

Also, in December, the largest aggregate database to date was discovered  (found on the dark web) with 1.4 billion clear text credentials. It seems that this discovery is related to the December 18th brute force attacks.

It is an aggregated, interactive database that allows for fast (one-second response) searches and new breach imports. Given the fact that people reuse passwords across their email, social media, e-commerce, banking and work accounts, hackers can automate account hijacking or account takeover. This database makes finding passwords faster and easier than ever before.

We all know that prevention is better than cure.

So, start preventing any attacks on your business today!

What you can do to protect your website?

Basic Brute Force Attack Prevention Process

More difficult techniques to make brute force attack preventions

Thousands of websites get hacked into every single day, so don’t wait for the day to come when yours could potentially get hacked too.

Take action now.

“Every day, Safe Browsing from Google discovers thousands of new unsafe sites. Many of these are legitimate websites that have been compromised by hackers.”

What are you doing to keep your WordPress website safe?

Are you using some techniques that I haven’t mentioned in this post?

I am a WordPress Developer and I love creating plugins and themes for WordPress. It is a great CMS for any kind of business but we need to keep it a safe place.

I have over 10 years experience in building plugins and themes for WordPress and other platforms.

Contact me if you have plugins that you want me to check before you insert them in your website. I will be happy to check them for security and speed.

Latest posts by John Darrel

This content was originally published here.