{"id":431,"date":"2012-06-12T16:59:40","date_gmt":"2012-06-12T16:59:40","guid":{"rendered":"https:\/\/www.inmotionhosting.com\/support\/2012\/06\/12\/wordpress-security-preventing-brute-force-attacks-on-admin-login\/"},"modified":"2022-10-14T06:43:13","modified_gmt":"2022-10-14T10:43:13","slug":"wordpress-security-preventing-brute-force-attacks-on-admin-login","status":"publish","type":"post","link":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-security-preventing-brute-force-attacks-on-admin-login\/","title":{"rendered":"WordPress Security – Preventing Brute Force Attacks on Admin Login"},"content":{"rendered":"

There has been an increasing trend of brute force attacks on WordPress websites, and we recommend following the steps in our WordPress wp-login.php brute force attack<\/a> news update for steps to take to lock down and secure your WordPress installation.<\/p>\n\n\n\n

Why is WordPress targeted?<\/h2>\n\n\n\n

WordPress is one of the one most widely used website solutions on the internet today.\u00a0 As a result, it is also very often the target of malicious activity.\u00a0 Recently, there has been a trend in increased brute force attacks aiming to get access to WordPress as administrator-level users.\u00a0 This is in part due to the nature of WordPress and how it evolved into the website solution it is today. WordPress was originally designed to be simple blogging software. However, it is often used for many other purposes such as eCommerce, bulletin boards, personal journals, etc.\u00a0 This makes these websites more valuable as targets.\u00a0 Hackers often want to either disrupt this traffic or to somehow obtain information from these websites.<\/p>\n\n\n\n

What is a Brute Force Attack?<\/h2>\n\n\n\n

One of the methods to gain information -primarily LOG-IN information \u2013 is by using a method called BRUTE FORCE<\/strong> attack.\u00a0 Basically, as the name suggests, they are not hiding the attack, and there\u2019s no efficiency to the attack. You could say it\u2019s like taking the \u201cshotgun approach.\u201d\u00a0 It simply is hitting the server looking for one thing, the correct login information for your WordPress site.\u00a0 Hackers will often infect other computer systems and then set them to attempt logging into the WordPress Administrator.\u00a0 The illustration below shows graphically how the attack traffic can come from many locations and be mixed with normal website traffic.\u00a0 The attack can also come from just one location, but the method of trying to crack the login is the same \u2013 it is simply going through a sequential search for your login.\u00a0 Brute force attacks can also increase resource usage of the website.\u00a0 Therefore, brute force attacks are not only trying to crack through your security, but they are also driving up resource usage when multiple attempts on the WordPress login is occurring.<\/p>\n\n\n\n

\"brutef\"<\/a><\/figure>\n\n\n\n
\u00a0<\/div>\n\n\n\n

Preventing WordPress Brute Force Attacks<\/h2>\n\n\n\n

Since users are no longer using WordPress as simply a blogging solution, there isn\u2019t as much emphasis on user management for the owners of the WordPress site.\u00a0 And this may also be a contributing factor to the problem.\u00a0 WordPress Site Administrators should regularly cycle their passwords and review their user lists to make sure that no one has been added that isn\u2019t supposed to be on the list. Especially users added as Administrator-level users.\u00a0 There are also WordPress sites that do not require that people register to post comments or other actions on the website. To prevent unauthorized access we recommend the following:<\/p>\n\n\n\n