Brute Force: You could say it’s like taking the “shotgun approach.” They are simply hitting the server looking for one thing, the correct login information for your WordPress site. ~ In Motion Hosting
We have been closely following reports that hosts running WordPress are being targeted with brute force attacks. Basically, a brute force attack is when a hacker makes repeated attempts to access your WordPress installation through the admin user. After looking at several logs across our client sites, that appears to be the case.
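What such repeated attempts look like in a web server access log, as an added example that is not from the original post: it counts failed POSTs to `/wp-login.php` per client address within a short window. It assumes combined-format logs and stock WordPress behaviour (a failed login returns 200, a successful one redirects with 302); the sample lines, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Leading fields of an Apache/nginx "combined" access log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample traffic (documentation IP ranges, not real logs).
_FMT = '{ip} - - [01/Jan/2024:10:{t} +0000] "{m} /wp-login.php HTTP/1.1" {s} 3120 "-" "-"'
SAMPLE = [_FMT.format(ip="203.0.113.7", t=f"00:{i:02d}", m="POST", s=200) for i in range(1, 7)] + [
    _FMT.format(ip="203.0.113.7", t="00:09", m="POST", s=302),    # login right after 6 failures
    _FMT.format(ip="198.51.100.20", t="01:00", m="POST", s=200),  # one mistyped password
    _FMT.format(ip="198.51.100.20", t="01:20", m="POST", s=302),
    _FMT.format(ip="192.0.2.5", t="02:00", m="GET", s=200),       # just viewing the login form
]

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: stats} for clients with >= threshold failed logins inside `window`."""
    failures, successes = defaultdict(list), defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        # Assumption: stock WordPress answers 200 on a failed login, 302 on success.
        if m["status"] == "200":
            failures[m["ip"]].append(ts)
        elif m["status"] == "302":
            successes[m["ip"]].append(ts)
    report = {}
    for ip, stamps in failures.items():
        stamps.sort()
        start = burst = 0
        for end, ts in enumerate(stamps):      # sliding window over failure times
            while ts - stamps[start] > window:
                start += 1
            burst = max(burst, end - start + 1)
        if burst >= threshold:
            report[ip] = {
                "failures": len(stamps),
                "burst": burst,
                # A login following a burst of failures deserves a closer look.
                "login_after_failures": any(t > stamps[0] for t in successes[ip]),
            }
    return report

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE))
```
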
We’d like to share some tips with you on how to protect yourself against these kinds of attacks.
1. Change your username if it’s “admin”. Instructions here.
2. Change your password to something that is a mixture of upper and lower case letters, numbers and symbols. Come up with a system that is easy for you to understand and remember and, best of all, change it monthly.
Example: Your favorite movie is “The Princess Bride”, you were born in 1975, the site’s name is “JollyGreenGiant.com” and it’s April. So you’d choose the acronym of your favorite movie, the last two numbers of your birth year, the first word of your site, and the month. I recommend that you replace vowels with numbers and symbols. So your finished password would look something like this: TPB75j0lly@pr1l
The thing to understand about these attacks is that they play on the vulnerabilities of the end-user, which is you. If you aren’t doing your part, you may have some issues.
Please understand that every content management system experiences this type of attack at some point – it’s not just WordPress – so don’t be upset with the software. As long as you are doing your part, and your host is doing theirs, you should be fine.
Additionally, if you sign up for a Cloudflare free plan, you are automatically protected, as Cloudflare sits in front of a majority of the web requests and is able to stop the requests before they ever hit your site.