WordPress Security: Recent Brute Force Attack Targets WordPress

by | Dec 19, 2017 | Agency News, Web Development | 0 comments

On December 17th, at approximately 9pm central time, WordFence reported that they were seeing the largest brute force attack on WordPress security in history. The attack is reportedly coming from a large number of IP’s, all of which are generating a significant number of attacks individually. As of Sunday evening, the attack was just starting to ramp up, despite reaching record numbers. Here is some of the information posted by WordFence that we know about the attacks:

  • The attack has so far peaked at 14.1 million attacks per hour.
  • The total number of IPs involved at this time is over 10,000.
  • We are seeing up to 190,000 WordPress sites targeted per hour.
  • This is the most aggressive campaign we have ever seen by hourly attack volume.

Source: WordFence

Why is this happening?
WordFence has speculated that this happened due to the recent hacking of a massive database of credentials. That database included over 1.4 billion username/password pairs. With this new information out there, with 14% of them being new credentials never seen before, there is a good chance that many of them will match up with WordPress usernames and passwords.

What can I do to make sure my site is secure?
I’m glad you asked that question. It’s ever important to keep on top of security in today’s age, and there are a number of things you can do to make sure your site isn’t affected:

  1. Change your password. This is something you should do regularly anyway with all of your credentials. I always suggest using something like LastPass or DashLane to manage your passwords so that you don’t have to worry about remembering every password you use. You can generate a number of extremely complex passwords and the programs are extremely safe to use.
  2. Install a plugin like WordFence. Although premium users are automatically updated with blocked IP lists when attacks like this happen, even the free version of the plugin will help protect you. Note: Our clients who are on WPEngine do not need this step.
  3. Choose your host wisely. It’s no longer acceptable to buy into a cheap hosting solution for your business website. Budget hosts like HostGator, Host My Site, and many others have proven to have numerous problems with hackers. We have seen sites get malware just because they were on the same server as another site that was infected. Instead, choosing a host like WPEngine, although more expensive, is well worth the cost. They have built in security measures that give our clients peace of mind. At $29/month you can rest assured that you’re being taken care of and protected from attacks like these.
  4. Keep your WordPress plugins up to date. This is extremely important as old code can leave vulnerabilities that hackers are out there looking for. Many of the updates pushed out on a regular basis are for security reasons, not just functionality.


For more ideas, check out the official post from WordFence. They provide a few more ideas to help keep your site secure. If you’d like help determining whether your site is vulnerable, or would like to move to a better host, give Checkerboard a call. We don’t like to see your website go down any more than you do.

Start Your Project Today!

Call us for a free consultation at 612.787.7483

Build Your Site

Our Best in Market builds give you everything you need to get your marketing moving in the right direction.  You can count on us to build a solid foundation using industry standard tools that will help you get found in search, and grow with you over time.

Grow Your Business

Our monthly programs are customized to the specific needs of each individual client. Regardless of whether your budget is big or small, we’ll use the same strategies that are proven effective for helping reach your goals.

Support Your Team

Fast, responsive support from professionals who know what they are doing.  Support and maintenance programs available.

2960 Judicial Road, Suite 230

Burnsville, MN 55337


Questions? Start here or give us a call.