Hosting protection against WordPress login attacks

For a long time we have been observing increasingly frequent attacks involving attempts to log in to WordPress. The aim is to break a password. The requests target the address /wp-admin, but most of them end up at /wp-login.php, the address used to log in to the WordPress dashboard.

There are many such login attempts. Here are login-attempt statistics from our servers for the last few days:

Day: 01.04.2019 – 1 612 536 login attempts
Day: 02.04.2019 – 1 790 586 login attempts
Day: 03.04.2019 – 1 220 636 login attempts
Day: 04.04.2019 – 1 841 637 login attempts
Day: 05.04.2019 – 949 847 login attempts

What do such attacks cause?

  • a password may be broken if the attacker “guesses” it.
  • the number of connections to WordPress can use up the processes available to the hosting account, and as a result the site may stop displaying for legitimate users. The server must handle every connection, and it does not know which is real and which is an attack.
  • the number of attacking connections affects the performance of the entire server. Machines are chosen so that they have a reserve of “power”, but thousands of attempts to log in to the WordPress dashboard can be compared to a DDoS (distributed denial of service) attack. Often during such an attack the server load increases, and the server can even stop responding altogether (which happens very rarely); however, because of the higher load, customers' websites may have longer response times.

WordPress login protection on Smarthost hosting

Not long ago we introduced advanced rules that block attacks on the WordPress login. The mechanism is simple: if there are 3 attempts to log in to WordPress in less than 10 seconds, we treat the connection as an attack and block that IP for 5 minutes.
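The rule described above, as an added Python sketch (not Smarthost's actual rule set, which this post does not show): it replays constructed request events through a per-IP sliding window with a timed block. Which requests count as attempts, whether a block covers all paths, and whether the attempt that trips the rule is itself rejected are assumptions, marked in the comments.

```python
from collections import defaultdict, deque

MAX_ATTEMPTS = 3        # post: 3 login attempts ...
WINDOW_SECONDS = 10     # ... in less than 10 seconds
BLOCK_SECONDS = 5 * 60  # ... block the IP for 5 minutes
LOGIN_PATH = "/wp-login.php"


def replay(events):
    """Apply the rule to (ts, ip, method, path) events; True means served."""
    attempts = defaultdict(deque)  # ip -> timestamps of recent login attempts
    blocked_until = {}             # ip -> time at which the block expires
    decisions = []
    for ts, ip, method, path in events:
        # Assumption: a block rejects every request from the IP, not only logins.
        if ts < blocked_until.get(ip, 0):
            decisions.append(False)
            continue
        # Assumption: only POSTs to the login script count as attempts.
        if method != "POST" or path.split("?", 1)[0] != LOGIN_PATH:
            decisions.append(True)
            continue
        window = attempts[ip]
        window.append(ts)
        # Keep only attempts less than 10 seconds older than this one.
        while ts - window[0] >= WINDOW_SECONDS:
            window.popleft()
        tripped = len(window) >= MAX_ATTEMPTS
        if tripped:
            # Assumption: the attempt that trips the rule is itself rejected.
            blocked_until[ip] = ts + BLOCK_SECONDS
            window.clear()
        decisions.append(not tripped)
    return decisions


# Constructed sample traffic; the addresses are documentation ranges.
SAMPLE = [
    (0, "203.0.113.7", "POST", "/wp-login.php"),    # attempt 1
    (3, "203.0.113.7", "POST", "/wp-login.php"),    # attempt 2
    (4, "198.51.100.2", "POST", "/wp-login.php"),   # another visitor, one login
    (7, "203.0.113.7", "POST", "/wp-login.php"),    # attempt 3 within 10 s: block
    (120, "203.0.113.7", "GET", "/"),               # still inside the 5 minutes
    (307, "203.0.113.7", "POST", "/wp-login.php"),  # block expired at t=307
    (320, "203.0.113.7", "POST", "/wp-login.php"),  # 13 s later: window restarts
]

if __name__ == "__main__":
    for event, served in zip(SAMPLE, replay(SAMPLE)):
        print(event, "served" if served else "rejected")
```

Because the window is per IP, the single login from the second address is unaffected, and three attempts spaced exactly 10 seconds end to end do not trip the rule.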

The advantages of our WordPress security solution:

  • we minimize the ability of the attacker to guess the password
  • we minimize the number of processes used on the client’s account
  • we reduce the load on the web server, which means that customer websites work better

Protection is enabled on all our servers.
