A couple of nights ago, one of the sites I developed was facing the infamous brute force attack. The attack caused a high spike in server load, and the tier-1 dedicated server that I'm hosting the site on was down for a couple of days. This is really bad for the site's revenue and traffic.
I asked the dedicated hosting support staff to do some checking, because I could not log in to the hosting control panel since it was locked down by the server's high load spike. To my surprise, the hosting support staff confirmed that my site was facing a brute force login attack. Over 75,000 login attempts were recorded in the server log and all activity had the same IP pattern.
So I requested some insight on how to solve this issue from the hosting support staff. The response was to strengthen the password for the ‘admin’ username, since the login attempts mostly focused on this username. The second step is to add password access for /wp-admin/ in .htaccess. Basically it's like the Google 2-step login confirmation. However, this would be a troublesome step, since the website that was attacked is a membership WordPress site that has more than 1000 users.
And then I began my research on how to prevent brute force logins from causing high server load. Looking through the WordPress Plugin Repository, I found one Captcha WordPress plugin that is simple enough to set up without any unnecessary extra settings. Just download, activate and choose where you want the Captcha active. It can be active in the login form, register form, lost password form, comments form and contact form. In my case, I activated the Captcha in my login form only.
After installing the Captcha WordPress plugin, the website server activity went back to normal; one might say it's faster, maybe 🙂 Using Captcha or a similar plugin can prevent excessive POST requests from login attempts, since a wrong Captcha code will cause wp_die() to be initiated, and hence lowers the risk of high server load from a brute force login attack.
You can download the Simple Captcha WordPress Plugin here to start protecting your valuable WordPress website from any future brute force attack. Hopefully this extra easy step can reduce or prevent the gruesome ‘headache’ of dealing with hosting and a website that is down for a couple of days, like mine was.
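To check your own server log for the same pattern the support staff found (many login attempts from one IP pattern), here is a small log check. It is an added example, not part of the original post or of the plugin. It assumes an Apache/nginx "combined" access log, and the threshold, the /24 grouping, the function names and the sample lines are all made up for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Apache/nginx "combined" log line: client, timestamp, request line, status.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def login_posts(lines, login_path="/wp-login.php"):
    """Yield the client address of every POST to the WordPress login script."""
    for line in lines:
        m = LINE_RE.match(line)
        # Compare the path without its query string.
        if m and m["method"] == "POST" and m["path"].split("?", 1)[0] == login_path:
            yield m["ip"]

def noisy_sources(lines, threshold=3, prefix=24):
    """Return ({ip: count}, {network: count}) for sources at or above threshold.

    Grouping by network also catches attempts spread over neighbouring
    addresses. Threshold and /24 grouping are assumptions; tune per site.
    """
    by_ip, by_net = Counter(), Counter()
    for ip in login_posts(lines):
        try:
            net = ip_network(f"{ip}/{prefix}", strict=False)
        except ValueError:
            continue  # logged client is a hostname, not an address
        by_ip[ip] += 1
        by_net[str(net)] += 1
    over = lambda c: {k: n for k, n in c.items() if n >= threshold}
    return over(by_ip), over(by_net)

def _line(ip, method, path, status):
    # Constructed sample line; addresses come from documentation ranges.
    return (f'{ip} - - [10/Jan/2024:03:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')

SAMPLE_LOG = (
    [_line("203.0.113.10", "POST", "/wp-login.php", 200)] * 3
    + [_line("203.0.113.11", "POST", "/wp-login.php", 200)] * 2
    + [_line("198.51.100.7", "GET", "/wp-login.php", 200),
       _line("198.51.100.7", "POST", "/wp-login.php", 302),
       _line("198.51.100.9", "POST", "/wp-comments-post.php", 302)]
)

if __name__ == "__main__":
    ips, nets = noisy_sources(SAMPLE_LOG)
    print("per address:", ips)
    print("per network:", nets)
```

To use it on a real log, pass the opened access log file to noisy_sources() in place of SAMPLE_LOG and raise the threshold to fit your normal login traffic.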
This Post Has 4 Comments
With having so much written content do you ever run into any issues of plagiarism or copyright infringement? My blog has a lot of exclusive content I’ve either authored myself or outsourced but it seems a lot of it is popping up all over the web without my agreement. Do you know any methods to help reduce content from being ripped off? I’d definitely appreciate it.
I find many seasoned writers use ‘copyscape’ to protect their content, but with a lot of scraping methods nowadays, it is hard to prevent content scraping for all. Many scrapers use the DOM_HTML method for content scraping, which is hard to block.
I find that if the copying blog in question is hosted with a reputable service (i.e. WordPress), you can file a DMCA notice, or whois their domain to find their hoster and send them a DMCA request, or report them in Webmaster tools.
Nice info, Richie KS. I myself run a community ecommerce WordPress site and find this plugin is much simpler than the anti-spam plugin I previously used. Users were complaining about the hard-to-read captcha.