Aggressive Brute Force Wordpress Attack

[gkd_uk]

A massive distributed brute force attack campaign targeting WordPress sites started on the 18th December 2017 at 3am Universal Time, 7pm Pacific Time. The attack is broad in that it uses a large number of attacking IPs, and is also deep in that each IP is generating a huge number of attacks. This is the most aggressive campaign we have seen to date, peaking at over 14 million attacks per hour.

The attack campaign was so severe that we had to scale up our logging infrastructure to cope with the volume when it kicked off, which makes it clear that this is the highest volume attack that we have seen in Wordfence history, since 2012.

The campaign continues to ramp up in volume during the past hour as we publish this post. A graph of the attack volumes is shown below which shows the number of attacks per hour and the number of attacking IPs that we see each hour.

A possible explanation for this new massive increase in brute force attacks
On December 5th, a massive database of hacked credentials emerged. It contains over 1.4 billion username/password pairs. Approximately 14% of the database contains credentials that have not been seen before. The database is also searchable and easy to use.

Historically, brute force attacks targeting WordPress have not been very successful. This new database provides fresh credentials that, when matched with a WordPress username, may provide a higher success rate for attackers targeting sites that do not have any protection.

 

[azgold]

All I can think of to say is, WOW! And YIKES!

 

[viddox]

i feel much better since i started using wordfence, my niche sites have been hacked in the past but i always had full site backups so i could be up again within 1hr.

 

[Depalase1992]

Yeah, you should use wordfence for defense. This is like the best thing you can do to prevent brut force.