Our website is under Brute Force attack, how do I stop extra server load?

Hi there,

I have installed the Wordfence and Sucuri plugins, which are generating continuous emails informing me of multiple IPs getting locked out as they tried the usernames "admin" and "test".

Not so long ago, our website was infected with a PHP mailer script and as a result, I had to recreate our entire website onto a new server.

I do not wish to go through that again. I have installed Wordfence's 2-step authentication (I was surprised that it is still an addition to the existing password field each time I log in).

Are there any ideas around:
1. How can I not become a target? As the traffic stats might be mixed up because of these attacks and our cost for hosting at Amazon EC2 could skyrocket.
2. Any other suggestions?

Kind regards,
Malkiat Singh

  • Nastia

    Hello @Malkiat, I hope you are well today!

    Thank you for this question!

    There are several reasons why somebody will attack your site:
    - They want to use your site to send out spam email.
    - They want to gain access to your data, mailing list, credit card information, etc.
    - They want to gain access to your site and cause it to download malicious software onto your end user’s machine or they want to install malicious software for use on your site.

    This article explains the steps you should be taking in order to have better security:
    http://codex.wordpress.org/Hardening_WordPress

    Have a look at this post as well:
    https://premium.wpmudev.org/forums/topic/there-in-the-last-2-months-we-had-a-lot-of-brute-force

    Here are some tips to secure your WP site:
    - Back up your website often. If you haven't yet, you can try the Snapshot Pro plugin
    - Do not use "admin" as your username
    - Use a strong password
    - Limit login attempts. You can do this through the Wordfence plugin as well
    - Encrypt important data with Security Keys
    - Implement two-step authentication
    - Delete unused plugins

    Please note! You should always keep up to date with the latest versions of WordPress, plugins and themes.

    I hope this helps! Take care :)

    Kind Regards,
    Nastia
