Violent brute force attacks on WordPress sites

Security researchers have registered 14 million attacks per hour on WordPress websites worldwide. The attackers want to gain access to the sites.

A wave of attacks against WordPress websites is currently shaking the Internet. Wordfence security researchers have documented that unknown attackers are attacking 190,000 pages per hour via brute force. At the peak, they observed 14 million attacks every hour.

The attackers try combinations of usernames and passwords on a large scale to gain admin access to websites, a technique also known as a dictionary attack. In doing so, they proceed in a partially organized manner, trying to derive likely access data from the URL and the content of the website.

Malware mines crypto-currency


According to Wordfence, the aim of the attacks is to install Monero software on hijacked sites or to use them as a starting point for further brute-force attacks. By now, the attackers are said to have mined Monero worth 100,000 US dollars.

In light of the high prices of Bitcoin and co., mining via malicious software is currently a big trend in the malware scene. Such malware is often found in web browsers. Several software manufacturers are now working on various protective measures.

Protection of WordPress pages

To protect against brute force attacks, WordPress site owners should use strong passwords, especially for their admin account. They should also change the default username “admin”. In addition, it is advisable to enable two-factor authentication. Admin accounts that are not needed should be deleted. There are also various plug-ins, such as Loginizer, that blacklist IPs or limit sign-in attempts.

