As reported by Sucuri recently, Brute-force attacks on WordPress sites are on the rise and are still one of the most common website compromises.
Sucuri have also created this interesting WordPress Brute-Force Attack monitoring page, which shows the brute-force activity on WordPress sites on the Sucuri network.
More than ever, it’s important to ensure that all WordPress Admin accounts use strong passwords, and don’t use the admin username. WE strongly encourage all WordPress users to generate unique, complex passwords for every WordPress Admin account, and never reuse passwords.
For additional protection and monitoring in WordPress, WP NET recommends the iThemes Security, Sucuri SiteCheck and WordFence security plugins — each has their own strengths and weaknesses, so use these based on your requirements. If you’re a WP NET customer, just open a support ticket and we’ll be happy to set up a security plugin for you.
Automatic Protection with WP NET Managed WordPress
Brute-Force WordPress logins
All WordPress sites hosted on WP NET get automatic brute-force protection thanks to our managed firewall — more than 5 failed wp-login.php attempts result in a ban — you don’t need to install any plugin or do anything for this protection, it is automatically enabled.
Malware scanning and removal
Our specialised malware scanning is kept up to date with known threats and other security issues. Malware scanners have recently been updated to detect the Active Visitor Tracker malware. We don’t rely on remote site-checks like Sucuri SiteCheck that only access public files, we scan server-side across all hosted sites..