Brute Force attacks
-
My website has been inundated (over 100 a day) with brute fore attacks for the past 5 days. Before that, they had been happening sporadically. When they started, I put all the things in place that have been suggested, 2FA, hiding Admin page, Login No Captcha and I already had limit login attempts. My theme and wordpress version are all updated, and my website host has updated php. I don’t mind paying for extra security, but I’d like to know why the ‘normal’ reinforcements aren’t working at all? Is there anything else I can do that I’m missing?
WP.com: Unknown
Jetpack: Unknown
Correct account: Unknown -
What is the URL of your site as it seems you don’t have a site running on the wordpress.com platform.
-
-
Hi there,
Nothing can prevent your site from getting brute-force attacks. All the security measures you mentioned will prevent a brute-force attack from succeeding, but it won’t prevent the attack from happening in the first place – if your website exists, someone can try to attack it :)
So as long as someone doesn’t actually get in and take down your site, the stuff you mentioned are working as they’re supposed to.
If the attackers are getting through, I recommend contacting your host directly to find out what they recommend. You can also look at the documentation for hardening WordPress here:
https://wordpress.org/support/article/hardening-wordpress/
But I’m afraid that’s as much as we’re able to help here – you’ve posted to the support forums for the hosting provider, WordPress.com, and your site isn’t hosted on our servers, so we don’t have any control over it. Support for your version of WordPress is provided by the community who makes that software in the forums on WordPress.org, so if your host isn’t able to help with this, you can try asking there for more advice.
- The topic ‘Brute Force attacks’ is closed to new replies.
WordPress.com Forums 