Has anyone else been experiencing a rise in Brute Force attacks on WordPress recently?

[Dan Foland]

The past week or so I've noticed a higher than usual amount of Brute Force attacks.I'm curious if it's just me or if others are experiencing the same thing? Fortunately our developers and security tools are great at blocking them.

 

[djbaxter]

I'm not sure I've seen an increase in attacks: they are pretty much a constant for WordPress sites.

This is a pretty good comprehensive guide to WordPress security: WordPress Security: The Ultimate Guide to Secure Your Website in 2018

And this is a guide to security plugins: 14 Best WordPress Security Scanners for Detecting Malware and Hacks

My personal choices for must-have security plugins

• UpdraftPlus WordPress Backup Plugin
• Wordfence Security – Firewall & Malware Scan

Also, never use the default Admin account. Set up a different name for the account and then delete the one named Admin.

Additionally, set up daily site backups, malware scans (ClamAV Scanner), cPHulk Brute Force Protection, and ConfigServer Security & Firewall if you can with your hosting and available resources and drive space.

 

[Tim Colling]

+1 for ^ what @djbaxter said

 

[Tim Colling]

To answer the original question posed by @Dan Foland

The past week or so I've noticed a higher than usual amount of Brute Force attacks.I'm curious if it's just me or if others are experiencing the same thing?

I have not seen an increase in attacks, but that's not surprising to me for two reasons:

1. Attacks are now a constant with WordPress websites, as @djbaxter said.
   
   
2. I don't need to manage or watch over security for my websites because virtually all of them are hosted at WPEngine. WPEngine takes care of all of that for us.
   
   I have been a WPEngine customer since 2013 and we have never been affected by any attempted attacks on our websites there. WPEngine is far from being the least expensive hosting service, but they fulfill my number one criterion: they are like dialtone.
   
   Let me explain: they are always there, working correctly, taking care of many, many things that I would otherwise have to take care of myself. I don't have to manage them, I don't have to measure their performance, I don't have to wonder whether I need to check up on them. They just always work. For me, at least.

That's my experience, anyway.

 

[SmallBizGeek]

I suggest always running a parallel copy of your site in WAMP. That involves migrating your database to a local URL and copying the updated plugin folders from your live server to your WAMP server.

I just like to see that my database backups are "good". I want to see a copy of my site offline, since WordPress sites are always under attack when they're online.