brute force attacks

Today we have received notice of an ominous event in the space of online security.

The notice came from a popular WordPress firewall plugin creator, WordFence. In part, it states:

“A massive distributed brute force attack campaign targeting WordPress sites started this morning at 3am Universal Time, 7pm Pacific Time. The attack is broad in that it uses a large number of attacking IPs, and is also deep in that each IP is generating a huge number of attacks. This is the most aggressive campaign we have seen to date, peaking at over 14 million attacks per hour.” (Bold lettering by us.)

According to WordFence, the attack was so intense and so severe that it targeted 190,000 WordPress sites per hour. That’s right, per hour. The company went on to state, “This is the most aggressive campaign we have ever seen by hourly attack volume.”

This is quite stunning reporting. The attacks are what is referred to as brute force attacks where the attackers use trial and error to guess login credentials in very quick succession.

One possible reason for this uptake in brute force attacks could be the number of recent large scale hacks of huge databases with private data of millions of people that include login credentials.

The target of the attacks are WordPress-powered sites and the likely goal is to install spam ware. WP is the most popular CMS, it is free, open-source, but the cost of that means sites are open to vulnerabilities in poorly written plugins, and even in the core files themselves. However, the attack most likely effects thousands or more other sites not powered by the CMS as it appears WordFence only has data from sites using their plugin or using WordPress. The conclusion for this stems from the fact that hackers will use bots to scan for WP files on any site since they don’t know which site is powered by WP before hand. So there will be thousands of visits and scans by annoying spam ware bots.

At Domain Market Pro, we have previously written about our focus on online security. This is an area that is very important to us and we dedicate a lot of effort to making DMP Shops more secure. Keeping spam and other attacks out and keeping legitimate traffic in. Additionally, our parent company offers secure WordPress development.

DMP gives you piece of mind when it comes to security and the freedom to focus exclusively on domain sales.

Here is the post used as the reference for this article on the WordFence blog that also includes some good tips to protect your WP sites.