Has anyone else been experiencing a rise in Brute Force attacks on WordPress recently?


Dan Foland

Local Search Expert
Joined
Sep 25, 2018
Messages
44
Likes
36
The past week or so I've noticed a higher than usual amount of Brute Force attacks.I'm curious if it's just me or if others are experiencing the same thing? Fortunately our developers and security tools are great at blocking them.
 

djbaxter

Administrator
Administrator
Joined
Jun 28, 2012
Messages
2,476
Likes
686
I'm not sure I've seen an increase in attacks: they are pretty much a constant for WordPress sites.

This is a pretty good comprehensive guide to WordPress security: WordPress Security: The Ultimate Guide to Secure Your Website in 2018

And this is a guide to security plugins: 14 Best WordPress Security Scanners for Detecting Malware and Hacks

My personal choices for must-have security plugins
Also, never use the default Admin account. Set up a different name for the account and then delete the one named Admin.

Additionally, set up daily site backups, malware scans (ClamAV Scanner), cPHulk Brute Force Protection, and ConfigServer Security & Firewall if you can with your hosting and available resources and drive space.
 

Tim Colling

Moderator
Local Search Expert
Joined
Sep 3, 2014
Messages
801
Likes
290
To answer the original question posed by @Dan Foland
The past week or so I've noticed a higher than usual amount of Brute Force attacks.I'm curious if it's just me or if others are experiencing the same thing?
I have not seen an increase in attacks, but that's not surprising to me for two reasons:
  1. Attacks are now a constant with WordPress websites, as @djbaxter said.

  2. I don't need to manage or watch over security for my websites because virtually all of them are hosted at WPEngine. WPEngine takes care of all of that for us.

    I have been a WPEngine customer since 2013 and we have never been affected by any attempted attacks on our websites there. WPEngine is far from being the least expensive hosting service, but they fulfill my number one criterion: they are like dialtone.

    Let me explain: they are always there, working correctly, taking care of many, many things that I would otherwise have to take care of myself. I don't have to manage them, I don't have to measure their performance, I don't have to wonder whether I need to check up on them. They just always work. For me, at least.
That's my experience, anyway.
 

SmallBizGeek

Forum Member
Joined
Mar 19, 2017
Messages
38
Likes
7
I suggest always running a parallel copy of your site in WAMP. That involves migrating your database to a local URL and copying the updated plugin folders from your live server to your WAMP server.

I just like to see that my database backups are "good". I want to see a copy of my site offline, since WordPress sites are always under attack when they're online.
 

Local Search Forum


Weekly Digest
Subscribe/Unsubscribe


Google Product Exert

@LocalSearchLink

Join Our Facebook Group

Top