WordPress Brute Force Attack

Last week our server at work suddenly became unresponsive and none of our websites would load. This looked similar to a problem that we encountered with the Gantry Framework for Joomla, so I took the usual steps to solve the problem and it worked. Then, the next day, the problem occurred again. Then the next day and the one following that.

Upon investigation, it appeared that we were the victims of a Brute Force Attack on one of our WordPress sites. A Brute Force Attack is one where some a-hole creates a bot that constantly tries to log in to your site, causing the server to become overloaded.

There are some ways of overcoming this attack as I found at http://codex.wordpress.org/Brute_Force_Attacks. Two things that they recommend are:

  • Avoid using the “admin” username when creating your WordPress site
  • Use strong passwords. Use a combination of numbers and letters and avoid dictionary words, your name, family members’ names, pet names or names of spouses

They also recommend a few plugins to help prevent this type of attack:

They also mention modifying your .htaccess file and password protecting your “wp-admin” folder to stop this type of attack.

Keep these recommendations in mind when developing your WordPress sites and blogs and in time, we will defeat the evil scum who try to attack our sites!
