Need to protect your WordPress website from a brute force attack?
This guide is for you.
A brute force attack, also known as an exhaustive search, is an attack that relies on trying possible combinations of a targeted password until the correct password is discovered.
The longer the password, the more combinations that will need to be tested.
In this guide, we look into how to troubleshoot and fix a brute-force attack in WordPress.
More information about brute force attacks
A brute force attack is a hacking method that uses trial and error to break into a website. Normally, attackers use automated software to send a large number of requests to the target system. With each request, this software attempts to guess the information needed to gain access, such as passwords or PIN codes.
If a brute force attack is successful, the attackers gain access to your website’s admin area. From there, they can install backdoors and malware, steal user information, and delete everything present on your website.
Even if the brute force attack is unsuccessful, it can wreak havoc by sending so many requests that your WordPress hosting servers slow down or even crash.
Different methods to fix a brute-force attack in WordPress
Here, we will look into different ways to troubleshoot a brute force attack.
1. Identifying the source of the Brute Force attack
The first step here is to identify the malware responsible for the malicious traffic.
There are a lot of tools available for this, but ClamAV (http://www.clamav.net/) is a good first choice for identifying and removing the malware.
In order to install ClamAV in Ubuntu, Debian, and most Debian-based distributions, you can run:
$ sudo apt-get install clamav clamav-daemon
For CentOS 8, you need to enable the EPEL (https://fedoraproject.org/wiki/EPEL) repo, which is an official repository of packages supported by the Fedora Project, and then install ClamAV.
You can do this with a single command:
$ dnf --enablerepo=epel -y install clamav clamav-update
After installing ClamAV, you can scan your system with:
$ clamscan --infected --recursive /path/to/wordpress/sites
Note: Make sure to replace “/path/to/wordpress/sites” with the correct path for your WordPress site.
Sometimes, ClamAV fails to find any malware. In such cases, you would need to manually investigate and find the malware.
A good starting point is to find and identify any recently uploaded files, based on the file’s timestamp information.
To do this, use the 'find' command:
$ find /path/to/wordpress/site -mtime -DAYS
Note: Make sure to replace “/path/to/wordpress/site” with the correct path for your WordPress site, and -DAYS with the number of days to go back (for example, -mtime -7 lists files modified in the last seven days).
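As an added example that is not part of the original guide, the following shell script complements the file-based checks above by looking at the login traffic itself: it counts POST requests to wp-login.php per client IP in a web server access log and reports any address above a threshold. It assumes the common Apache/Nginx "combined" log format; the log lines and IP addresses are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the original article): flag client IPs that POST to
# wp-login.php more than a threshold number of times in one access log, which is
# what an automated password-guessing run looks like from the server side.
# Assumes the Apache/Nginx "combined" log format; all sample data is constructed.

# Usage: wp_login_flood <logfile> <threshold>
# Prints "<count> <ip>" for each IP above the threshold, highest count first.
wp_login_flood() {
    logfile="$1"
    threshold="${2:-20}"
    # In the combined format: $1 = client IP, $6 = method (with leading quote),
    # $7 = request path (query string included, so ?action=... still matches).
    awk -v t="$threshold" '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] > t) printf "%d %s\n", hits[ip], ip }
    ' "$logfile" | sort -rn
}

# Constructed sample log: 203.0.113.5 hammers the login form 25 times,
# 198.51.100.7 is a normal user who logs in once.
SAMPLE_LOG="$(mktemp)"
i=0
while [ "$i" -lt 25 ]; do
    echo '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "POST /wp-login.php HTTP/1.1" 200 1234 "-" "python-requests/2.31"' >> "$SAMPLE_LOG"
    i=$((i + 1))
done
cat >> "$SAMPLE_LOG" <<'EOF'
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2345 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:10 +0000] "GET /wp-admin/ HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
EOF

# With a threshold of 20 only the automated client is reported.
wp_login_flood "$SAMPLE_LOG" 20
```

Point the function at your real access log (for example /var/log/apache2/access.log or /var/log/nginx/access.log) and tune the threshold to your site's normal login volume; the addresses it reports are candidates for the login-limiting or firewall measures described later in this guide.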
2. Update the WordPress Installation
Once you have found and removed the malware, the next step is to prevent the attacks from recurring in the future. For that, you should update your WordPress installation, including all themes and plugins.
In most cases, you can perform these updates from within the WordPress administration UI, which does not require any additional tools.
In a few cases, a theme or plugin may have been abandoned by its author. Even if you have the latest version, the plugin or theme may have an issue that has never been fixed. In such a case, replace the abandoned component with one that is actively maintained.
3. Secure the WordPress Installation Against Malicious Attacks
After removing the malicious files and ensuring that all the components are updated, you can now secure your WordPress website.
For that, you can update your passwords for all the users who have access to the administration UI.
Make sure each of these is a strong password.
Check the file system permissions.
As a further step, you can enable a plugin that limits the number of failed login attempts, which reduces the risk of brute force attacks. The wp-limit-login-attempts plugin is a popular option.
Lastly, consider using a WordPress security plugin like Jetpack or Wordfence.
You can also consider using a firewall that filters out bad traffic and blocks it from reaching your site.
There are two types of website firewalls that you can use:
i. Application Level Firewall – This examines the traffic once it reaches your server, but before most WordPress scripts are loaded.
This method is less efficient, because a brute force attack can still affect your server load.
ii. DNS Level Website Firewall – This routes your website traffic through the provider's cloud proxy servers.
This allows the provider to send only genuine traffic to your main web hosting server, while also boosting your WordPress speed and performance.
You can also try enabling two-factor authentication.