Brute Force Bot Attacks on WordPress Websites – WordPress Security
WordPress has been suffering brute force attacks on logins. Recently, over 160,000 WordPress sites were forced to send hundreds of requests per second to an unnamed popular website according to Daniel Cid (CTO of Sucuri). This overloaded that website’s server and stopped people accessing the site for many hours.
DDOS Attacks on WordPress Security
The Sucuri blog post reported that DDoS (Distributed Denial of Service) attacks are becoming a common trend lately.
The Go Viral Now website has been suffering a number of brute force bot attacks lately. Fortunately, we have additional security for our website, which means that we have been able to block all the attempts to access the dashboard of the WordPress admin panel.
Brute Force Login Attacks on WordPress Security on WP Sites
Brute force login attempts are becoming more common on WordPress installations and, as a result, it is becoming increasingly important to ensure complete security for your site.
Hacked websites are a real bane on the internet. Not only do they cause untold losses to companies who require their sites to be “live”, but they can also reduce trust in a business and its website and technical assets.
There are some excellent plugins that can provide an enormous amount of protection for your WordPress website. No plugin can provide complete protection for any website, but we have found that none of our websites that use security plugins have been affected. However, if your site is hacked before you get a chance to secure it, we can provide help to remove the hacked files or code to get you back up and running as quickly as possible.
There is a big difference between plugins that just scan your site for malware and plugins that actively provide security for your site.
How to Ensure WordPress Security for Your Website
Wordfence WordPress Plugin
Some, like Wordfence, offer some excellent features for a free plugin. These include:
1) Scanning in real time.
2) Login security.
3) Comparing theme and other files with the ones from the official WordPress repository.
4) Real time traffic monitoring.
5) Other extras.
More info on Wordfence below.
BulletProof Security Plugin
Others, such as BulletProof Security, use .htaccess rules to stop people from being able to hack your site.
This plugin is very complex and I must admit, I don’t find the interface very user friendly. However, there is apparently excellent support for the plugin from the developer who also offers a premium version for $59.95 (BPS Pro). The core plugin is free and probably has enough features for most sites.
However, due to its complexity, I wouldn’t recommend it for most users, particularly novices. I have used it on sites and needed to spend a bit of time creating files for the plugin to work with and fixing up my .htaccess file. Although it is designed to be able to work for novices, I wouldn’t recommend users who have no coding or development experience to use this one.
BulletProof Security will compare theme and other files with the ones from the official WordPress repository.
Better WordPress Security
I’ve tried Better WP Security in the past and it does have a lot of features. Better WP Security is a free plugin and is available in the WordPress repository. It also tries for an all in one security answer for your WordPress site.
I recommend using it with caution as it does make a lot of changes to the site. If something goes wrong, or needs installing, you will need more than beginner experience for this one. The plugin description and FAQ pages from the developer say that it is vital to do a full backup of your site before installing this plugin as it may break existing sites.
If you do use this plugin, it is a good idea to go through all the description and FAQ pages thoroughly first.
is definitely one to consider. I would use this one and Wordfence over any of the other free plugins for ease of use and general security. If you find that your site is infected with malware, Sucuri can clean it up for you and get your website back up and running very quickly.
Sucuri also offers prevention and monitoring. They will scan and check your site regularly, similar to the Site Lock plugin, and quickly notify you of unauthorised changes. Their plugin provides a web application firewall and 1-click hardening for future preventative measures.
If you want to go with an all round and total service for WordPress security, then Sucuri is a good option and will run one site for about $90 a year. Unless you are running a high traffic or ecommerce site, I don’t consider that you would need this level of security. Their WordPress plugin and a regular, free, malware scan should be enough for most websites.
Sucuri also provides a free scanner that anyone can use at any time to scan their site for threats.
Security Plugins We Recommend:
Wordfence: this is the plugin we have on our website. It stops and records IP addresses where multiple unsuccessful login attempts have been made. You can receive emails every time an attack is made on your website.