Brute Force Attacks Increase In December

From the Digital Labs of the North Carolina Blueberry Council
Website security organizations have been tracking a substantial increase in “Brute Force” attacks on websites. In particular, the world’s most popular web platform, WordPress, has been the primary target. Many members, as well as their partners in business, depend on WordPress for its uniquely powerful publishing capabilities. That is why WordPress accounts for one out of every four websites worldwide.

“Brute Force” attacks are usually automated attacks, carried out by bots, on the login pages of WordPress and other websites. In non-technical terms, a Brute Force attack happens when one or more bots dial a login page and then begin to guess username and password combinations to gain access to a website’s administration page.

If the Brute Force attack is successful, a website may have its data stolen or have malware implanted to steal information from website visitors. Other results of a successful Brute Force attack include loading malware to leverage the website’s hosting account for a future DDoS attack against a company or government entity.

Even if a Brute Force attack is not successful, a website owner may suffer consequences that impact the experience of the visitors. In particular, since the bot is “visiting” the website, it can induce a load on the hosting account as if there were hundreds of visitors. The result is that a website can run so slowly that real visitors leave.
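
For webmasters, the bot traffic described above shows up in the web server's access log as repeated POST requests to the login page. The following is an added example, not part of the original alert, that counts those requests per visitor address. It assumes the common "combined" log format and stock WordPress behaviour (a failed login to /wp-login.php returns status 200, a successful one returns a 302 redirect); the log lines, addresses and the threshold of 5 are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the start of an Apache/Nginx "combined" access-log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_login_bruteforce(log_text, threshold=5):
    """Return {ip: {"failed": n, "succeeded": bool}} for IPs whose failed
    POSTs to /wp-login.php reach the threshold (an assumed value to tune)."""
    stats = defaultdict(lambda: {"failed": 0, "succeeded": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Ignore any query string when comparing the requested path.
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        if m["status"] == "200":      # login form shown again: failed guess
            stats[m["ip"]]["failed"] += 1
        elif m["status"] == "302":    # redirect after login: guess accepted
            stats[m["ip"]]["succeeded"] = True
    return {ip: dict(s) for ip, s in stats.items() if s["failed"] >= threshold}

def _line(ip, sec, method, path, status):
    # Builds one constructed log line; addresses are documentation ranges.
    return (f'{ip} - - [12/Dec/2016:03:14:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 3120 "-" "Mozilla/5.0"')

# Constructed sample: a bot guessing six times and then getting in, a real
# user who mistyped once, and an ordinary visitor.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", s, "POST", "/wp-login.php", 200) for s in range(6)]
    + [_line("203.0.113.7", 6, "POST", "/wp-login.php", 302),
       _line("198.51.100.20", 7, "POST", "/wp-login.php", 200),
       _line("198.51.100.20", 8, "POST", "/wp-login.php", 302),
       _line("192.0.2.44", 9, "GET", "/", 200)]
)

if __name__ == "__main__":
    for ip, s in find_login_bruteforce(SAMPLE_LOG).items():
        note = "LOGIN SUCCEEDED, investigate" if s["succeeded"] else "no successful login seen"
        print(f"{ip}: {s['failed']} failed logins ({note})")
```

An address that is flagged and also shows a successful login is the case to act on first: change that account's password and review the site for changes.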

How To Protect Your Website From A Brute Force Attack

The main reason Brute Force attacks are so successful is that many website owners use simple or easy-to-guess usernames and passwords. The easiest way to defend any website, including those built with WordPress, is to use complex usernames and passwords and to change the password on a regular basis!

Other easy ways to defend a website from a Brute Force attack:

In WordPress, change your Nickname to be different from your Username.
Never use “Admin” for a Username.
– Brute Force attacks use a massive database of common and collected Usernames and passwords to break into websites.
– By default, WordPress uses the Username of the poster, which gives half the answer to a bot harvesting data to use in a Brute Force attack.

If your website has a username of “Admin”, simply create a new Administrator account with a unique name and complex password. If necessary, change your original Administrator email account to an alternate and use your normal email account on the new Administrator account. Then log out and log back in with your new account. At that time you can navigate to your USERS tab and DELETE the old “Admin” account.

Just be sure that the email on your new account is correct!

When you delete an old administrator account, WordPress will ask you to assign any content to another account or to DELETE the account. If you want to keep the content generated under the old account, just select a new USER to assign that account to.

Be sure your Username and Nickname are different.

Additional Strategies and Tools to thwart Brute Force Attacks

When it comes to WordPress, there are many resources in the form of plugins, third-party security tools, and Content Delivery Networks (CDN) that can play a part in substantially reducing the threat of a website breach by way of Brute Force. With a bit of PHP code, your webmaster or, in some cases, your website host can actually lock down the login page of a website. In essence, you can password-protect access to the login page, which tends to make the Brute Force bot go away.

WordPress Plugins That Can Help Thwart Brute Force Attacks

– BulletProof Security
– WordFence
– Sucuri

The idea is that by denying the Brute Force attack access to a login page or blocking it, your site visitors will not experience delays navigating your website. By taking action to prevent a successful Brute Force attack, you also protect your lead generation, website data and even your website visitors. If your company depends on your website for marketing, consult with your webmaster. The results of a successful Brute Force attack can be catastrophic! Successful Brute Force attacks have resulted in the theft of proprietary customer data, blacklisting of websites, ransomware being planted on visitors to a website and, in some cases, the complete destruction of a website.

This information is provided as a courtesy to members of the North Carolina Blueberry Council, Inc. This content is intended to be informational. This is a courtesy alert by way of the Contract Digital Content and Web Manager whose opinion does not reflect any specific policy of the Board or Executive Director of the North Carolina Blueberry Council, Inc. Please consult your webmaster on the technical nature of your website and how to proceed. If you have further questions, you are welcome to contact the Digital Content Manager.