WordPress security watchdogs, Sucuri, have revealed that “brute force” attacks are at an all time high.
A brute force attack occurs when an attacker runs a script that attempts to crack a website’s password. This occurs by attempting to log in to a site with automatically generated passwords at rate of thousands of times per minute.
Brute force attacks are not new — in fact, they’ve been around over 15 years, and data shows they’re still going strong.
There have been so many this year that Sucuri has created a new page dedicated to monitoring the current threat level of brute force attacks.
On this page you’ll see that the amount of brute force attacks has grown from around 5 million per day at the beginning of the year, to 35 million per day in the second week of September.
Sucuri’s data also shows the majority of brute force attacks originate from the United States. Attacks tend to occur most frequently between 12pm to 2pm EST, but a site can be vulnerable to a brute force attack at any time.
One of the best way’s to protect yourself from a brute force attack is to have a strong password that’s difficult to crack. It’s also a good idea to have some kind of monitoring system in place so you’ll be notified if your website is the target of a brute force attack.
Another easy way for attackers to gain control of your WordPress site is through flaws found in older versions. It’s important to stay on top of WordPress update because they often contain important security fixes.
That being said, a new security and maintenance release was just put out today. You can download it from your WordPress dashboard to keep your site safe against known vulnerabilities.