Lancaster WordPress Message Board › WordPress Brute Force Attacks and what you can do to protect your site
|A former member||
It is common for me to submit several hundred abuse reports as part of our security monitoring service every day. If I was asked for an off the cuff ball park of the main attack types from January 2012 to August 2012, I would probably answer with 40% remote file inclusion attacks, 40% local file inclusion attacks, 15% directory transferal attacks, 4% other (including brute force attacks), and 1% SQL injection attacks.
If you asked me from September 2012 forward, the answer would change dramatically with WordPress Brute Force Attacks now exceeding 50% of all attacks being reported.
If you review your or your hosting provider reviews your web site’s access logs on a regular basis, you can tell if there are Brute Force attacks being attempted on your WordPress site by seeing multiple requests to access the file wp-login.php from the same IP address over and over again. Sometimes it might be a single request every x period of time; other times it might be scores of requests from the same IP address. By the way, are you or your provider regularly checking your web site access logs for abuse?
How can you protect yourself against WordPress Brute Force attacks?
Read the full article at http://www.dynamicnet.net/2012/10/wordpress-brute-force-attacks/