Joomla WordPress Brute Force Attack

Are you locked out of your Website Login screen due to a WordPress brute force attack? Do you see this message:

[Image: login message stating that the account has been locked after a brute force attack]

A massive botnet attack is under way in an attempt to compromise your data. Learn how to protect your most important data and defend your site against this latest internet based attack.

At Gatsbo, we have been seeing a dramatic increase in brute force attacks on sites built on WordPress and Joomla content management systems (CMS). To learn more, read on…

What is a “Brute Force Attack?”

A brute force attack, also known as an exhaustive key search, is an attempt to access your account by guessing your password. A “bot” (web robot) enters a username and then repeatedly submits the most commonly used passwords until it gains access to your website. This is particularly problematic for CMSs that use a standard or default username. When creating a WordPress site, the default username is Admin. Because many developers don’t change this default, hackers only need to guess your password and not both the username and password. (At Gatsbo Marketing we have been changing this suggested username for several years.)

If the hackers are successful, they can then implant malicious code into the files of your website. Sometimes this code crashes your site, sometimes it is used to gain access to your data, sometimes it is used to launch other attacks against other sites.

Massive Increase in WordPress Brute Force Attacks

An article in The Next Web reported that over 90,000 computers from all over the world were involved in this latest attack. This makes it particularly challenging because web hosts can’t block the individual IP addresses that are the source of the attack – there are too many of them! The article also stated that, according to Sucuri, attacks have gone from 30,000–40,000 per day to 77,000 per day.

The most common usernames being targeted are:

[Image: WordPress brute force attack login screen target]

  • Admin
  • admin
  • Administrator
  • root
  • test

The most common passwords being targeted are:

  • 12345
  • 12345678
  • 666666
  • 1111111
  • admin

How do I Protect Against the WordPress Brute Force Attack?

  1. Make sure your WordPress and Joomla installations are up-to-date
  2. Make sure your WordPress plugins and Joomla extensions are up-to-date
  3. Use a non-standard Username
  4. Use a complex password that includes capital and lowercase letters, numbers and special characters (!#$&*). Read this article on setting strong passwords.

For sites hosted at Gatsbo, we have implemented the following defensive protocol:

If there are five unsuccessful login attempts within 30 seconds, access to the login screen will be blocked for 15 minutes.

If you see that access to your site is restricted, wait. If you attempt to log in within the 15-minute window, the block will be extended to 15 minutes from your attempt.
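The lockout rule above, worked through as an added example (this is not Gatsbo’s own code, and it assumes the counters are keyed by the client’s IP address, which the post does not state). It keeps a 30-second sliding window of failed attempts per address, starts a 15-minute block on the fifth failure, and restarts the 15 minutes from any attempt made while the block is in force. The sample traffic is constructed: one address cycles through the usernames and passwords listed in the post, while a second address is a legitimate user who mistypes twice and then succeeds.

```python
# Added example, not Gatsbo's code: lockout tracker for the rule "five failed
# logins within 30 seconds block the login screen for 15 minutes; an attempt
# during the block extends it to 15 minutes from that attempt".
# Assumption: attempts are tracked per client IP address.
from collections import deque

FAILURE_THRESHOLD = 5          # failed attempts that trigger a block...
FAILURE_WINDOW_SECONDS = 30    # ...within this many seconds
BLOCK_SECONDS = 15 * 60        # length of the block, and of each extension


class LoginThrottle:
    def __init__(self):
        self.failures = {}       # ip -> deque of failure timestamps (epoch seconds)
        self.blocked_until = {}  # ip -> epoch second at which the block expires

    def is_blocked(self, ip, now):
        return self.blocked_until.get(ip, 0) > now

    def attempt(self, ip, now, success):
        """Record one login attempt and return its outcome:
        'blocked' - login screen withheld; the block is extended from `now`
        'success' - credentials accepted; failure history for the ip is cleared
        'failure' - wrong credentials, still below the threshold
        'locked'  - this failure was the fifth within the window; block starts
        """
        if self.is_blocked(ip, now):
            self.blocked_until[ip] = now + BLOCK_SECONDS
            return "blocked"
        if success:
            self.failures.pop(ip, None)
            return "success"
        window = self.failures.setdefault(ip, deque())
        window.append(now)
        # Discard failures older than the sliding window before counting.
        while now - window[0] > FAILURE_WINDOW_SECONDS:
            window.popleft()
        if len(window) >= FAILURE_THRESHOLD:
            self.blocked_until[ip] = now + BLOCK_SECONDS
            window.clear()
            return "locked"
        return "failure"


def replay(events):
    """Feed (timestamp, ip, username, password, success) events through one
    throttle; return the outcomes in order and the throttle's final state."""
    throttle = LoginThrottle()
    outcomes = [throttle.attempt(ip, ts, ok) for ts, ip, _user, _pw, ok in events]
    return outcomes, throttle


# Constructed sample traffic (documentation-range addresses, not real logs).
BOT = "198.51.100.7"   # cycles the post's common usernames and passwords
USER = "203.0.113.5"   # legitimate user, two typos then the right password
SAMPLE_EVENTS = [
    (0,    BOT,  "admin",         "12345",    False),
    (2,    BOT,  "admin",         "12345678", False),
    (4,    USER, "jsmith",        "wr0ng",    False),
    (4,    BOT,  "admin",         "666666",   False),
    (6,    BOT,  "admin",         "1111111",  False),
    (8,    BOT,  "admin",         "admin",    False),  # 5th failure in 8 s -> locked until 908
    (9,    USER, "jsmith",        "wrong2",   False),
    (12,   USER, "jsmith",        "correct",  True),
    (60,   BOT,  "root",          "12345",    False),  # inside block -> extended to 960
    (900,  BOT,  "test",          "12345",    False),  # still blocked -> extended to 1800
    (1801, BOT,  "Administrator", "12345",    False),  # block expired -> ordinary failure
]

if __name__ == "__main__":
    results, state = replay(SAMPLE_EVENTS)
    for (ts, ip, user, _pw, _ok), outcome in zip(SAMPLE_EVENTS, results):
        print(f"t={ts:5d} {ip:13s} {user:14s} -> {outcome}")
    print("bot block expires at t =", state.blocked_until[BOT])
```

The legitimate user's two failures never come close to the threshold, and a successful login wipes that address's history, so the block only ever lands on the address that is hammering the form. Note how the extension works: the attempt at t=900 lands 60 seconds before the first extension would have expired, yet pushes the block out to t=1800, which is the behaviour the post describes when it tells you to wait.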