WordPress security watchdogs, Sucuri, have revealed that “brute force” attacks are at an all-time high.
A brute force attack occurs when an attacker runs a script that attempts to crack a website’s password. The script tries to log in to a site with automatically generated passwords at a rate of thousands of times per minute.
Brute force attacks are not new. In fact, they’ve been around for over 15 years, and data shows they’re still going strong.
There have been so many this year that Sucuri has created a new page dedicated to monitoring the current threat level of brute force attacks.
On this page you’ll see that the number of brute force attacks has grown from around 5 million per day at the beginning of the year to 35 million per day in the second week of September.
Sucuri’s data also shows the majority of brute force attacks originate from the United States. Attacks tend to occur most frequently between 12pm and 2pm EST, but a site can be vulnerable to a brute force attack at any time.
One of the best ways to protect yourself from a brute force attack is to have a strong password that’s difficult to crack. It’s also a good idea to have some kind of monitoring system in place so you’ll be notified if your website is the target of a brute force attack.
Another easy way for attackers to gain control of your WordPress site is through flaws found in older versions. It’s important to stay on top of WordPress updates because they often contain important security fixes.
That being said, there are always updates being put out for WordPress. Use them! If you don’t know how and want to keep your site safe against known vulnerabilities, then contact us today to see if your site is more at risk than it should be. We will have a look at your site for free and tell you what is missing and how we can assist you in making your site safer.
While there are numerous ways in which a WordPress site is vulnerable to attack, the following four weak spots are most commonly at fault when a WordPress site is hacked. Don’t think these are the only ways; they are just 4 of the most common.
- Easy to hack or weak usernames/passwords
- Themes or plugins that have bugs in them
- Not updating the WordPress core files and themes/plugins in a timely manner
- Nice (NOT) people who hack WordPress sites
Weak Usernames/Passwords: As of WordPress 3.8, the standard “password strength detector” forces you to create something extremely strong. This is undoubtedly part of the WordPress Foundation’s efforts to help reverse this particular statistic. So, never use the “admin” username and go as difficult as possible with your password (mixing letters, numbers and letter-case throughout). If you keep it simple so that it’s easy for you to remember, then you’re also making it simple to get your site hacked. Write it down (if you have to) and most importantly, keep it private. If you want to learn more about how to avoid weak usernames/passwords and reduce the chances of a hacked site, contact us and we can have a chat with you.
Theme and/or Plugin: Now and then, even the most popular premium themes/plugins will have some sort of security flaw. However, you can avoid them by simply reading up on the plugins you’re installing, before you install them. But then most of the time you won’t know, as they don’t know themselves. Stay away from free themes/plugins when they are not from the official WordPress Directories. Also, try to stick to themes/plugins with four and five star ratings. And to be on the safe side, just Google this: “[insert plugin name] security” and see if anything shows up.
Not Updating WordPress Core and Themes/Plugins: It’s understandable that if your site is highly dependent on the functionality of a few plugins, you’re going to want to wait until they’re compatible with the newest version of WordPress before you update your core. However, when it comes to high quality and reliable plugins, they will almost always have an update within hours or days of the WordPress core release, if it’s needed at all. As a rule of thumb: if you see that an update is available, back up your site and run it.
On “Nice” People Who Hack WordPress Sites: It’s important to remember that there are “Nice” people out there (as well as misguided wannabes with malicious scripts) just waiting for you to slip up. So stay vigilant, follow the guidelines below, and you should be ok.