Protect Your WordPress Website from New Brute Force Amplification Attacks
With over 60 million active sites, WordPress is by far the most popular content management platform on the Internet… which means it’s a constant target for hackers and cyber criminals looking to defraud or deface websites.
Recently, security researchers have identified a new twist on the classic Brute Force Attack (BFA) method that allows the attacker to tuck thousands of password challenges into a single request.
If you think of traditional BFAs as a shot from a rifle – a single, compact bullet meant to hit on a precise password – then Brute Force Amplification Attacks (BFAAs) are more like a shotgun – a cloud of pellets headed in one direction and just looking to poke a hole in the defense.
With thousands of attacks coming through disguised as a single request, the hackers have the advantage.
Every WordPress security plugin worth its salt already has sophisticated methods for blocking Brute Force Attacks, but BFAAs are a completely different story.
How to stop BFAAs
There is no single solution to web security on Earth, and there never will be. That’s why every website NSG hosts is protected by a sophisticated, multi-layered bundle of security solutions that minimize points of failure.
Our web hosting security suite has been identifying and preventing BFAAs for years. While it would take more space than we have here to lay out the entire workflow, here are a few key tips you can use to keep your WordPress site safe:
- You get what you pay for: WordPress developers have created some wonderful free security plugins, but you’re going to have to invest in a for-profit solution to truly be safe. Do the research, check the reviews and remember that spending a couple of pennies per day is much more affordable than losing clients and data to an attack.
- Know Thy DNS: Your Domain’s Name Server may have security settings you aren’t using. Contact your hosting company to see what security settings they offer. If none are available, it’s time to explore moving to a better hosting service.
- Rock the CAPTCHA: Adding a CAPTCHA to your admin login page is the easiest, cheapest and quickest way to thwart BFAs and BFAAs.
- Limit login requests: Adjust your WordPress settings to lock out users who exceed a pre-determined number of invalid password attempts.
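A lockout only helps against BFAAs if it counts password checks rather than requests. The following is an added example, not WordPress or NSG code: `AttemptLimiter`, `handle_request`, the thresholds and the sample account are all hypothetical, and the lock is keyed on source address as an assumption.

```python
import hmac
from collections import defaultdict, deque

MAX_FAILURES, WINDOW, LOCKOUT = 5, 300, 900   # assumed policy (count, seconds, seconds)

class AttemptLimiter:
    """Counts failed credential checks per source, not HTTP requests."""
    def __init__(self):
        self.failures = defaultdict(deque)    # source -> failure timestamps
        self.locked_until = {}                # source -> unlock time

    def is_locked(self, source, now):
        return self.locked_until.get(source, 0) > now

    def record_failure(self, source, now):
        recent = self.failures[source]
        recent.append(now)
        while recent[0] <= now - WINDOW:      # forget failures outside the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.locked_until[source] = now + LOCKOUT

def handle_request(limiter, source, credential_pairs, verify, now):
    """Process one request that may carry many credential checks.

    The lock is re-tested before every check, so batching buys no extra guesses.
    Returns one result per pair: "ok", "denied" or "locked".
    """
    results = []
    for user, password in credential_pairs:
        if limiter.is_locked(source, now):
            results.append("locked")          # the password is never evaluated
        elif verify(user, password):
            results.append("ok")
        else:
            limiter.record_failure(source, now)
            results.append("denied")
    return results

# Constructed sample data: one account and one request carrying 1000 guesses.
USERS = {"admin": "correct-horse-battery-staple"}

def verify(user, password):
    stored = USERS.get(user)
    return stored is not None and hmac.compare_digest(stored, password)

def demo():
    limiter = AttemptLimiter()
    batch = [("admin", f"guess{i}") for i in range(999)] + [("admin", USERS["admin"])]
    return handle_request(limiter, "203.0.113.7", batch, verify, now=1000)
```

A limiter that counted requests would have seen a single request here; counting inside the batch stops evaluation after the fifth failure, so the correct password at the end of the batch is never tested.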
Just the beginning
These techniques will help get you on the road to preventing successful BFAAs, but if you really want to know your website is safe, we suggest you contact NSG today.
In addition to 24/7 monitoring and security, our web hosting solution includes daily backups, malware scans, bandwidth monitoring and more, all backed by our Always Here team of expert developers. We’re constantly updating our web security platform with new layers of protection for emerging attack techniques without slowing down load times or site performance.
Getting started is easy! Contact NSG today at (615) 577-4390 or [email protected] for a free assessment and proposal that’s tailored to fit your unique business goals.
It’s just another reason we’re Always Here. Always Moving.