According to WordPress security firm Wordfence, the number of WordPress brute-force attacks has more than doubled recently, counting both daily attacks and the daily IPs involved.
According to the CEO and founder of Wordfence:
"Usually we see an average of around 13,000 unique IPs attacking each day. We’re currently seeing over 30,000 unique attacking IPs and this is continuing to increase."
According to the statistics, 15.7% of all daily brute-force attacks come from Ukraine, with over 2.3 million attacks launched each day.
Of these, over 1.65 million came from an unknown ISP named Pp Sks-lugan, for which there’s almost no information available through Google. In fact, most of the information returned by Google is about abuse reports and security-related incidents.
The brute-force traffic originating from these eight Pp Sks-lugan IP addresses is larger than the entire brute-force traffic coming from GoDaddy, OVH, and Rostelecom put together.
The simplest way to prevent brute-force attacks is to install a WordPress firewall plugin. If you don’t run WordPress, there are generic Web Application Firewall services or tools you can use.
If you use WordPress, another trick is to use plugins that hide your admin panel URL, so attackers can’t connect to it. Some of the plugins that allow you to do this are WP Admin Block, HC Custom WP-Admin URL, Protect Your Admin, Custom Login URL, and WPS Hide Login.
Wordfence, which provides free and paid versions of a WordPress security plugin, was able to gather details about the source of these attacks.
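To see the same per-day, per-IP picture on your own site, the following added example (not code from Wordfence or from this article) counts failed WordPress logins per source IP in a web server access log. It assumes the combined log format, the default `/wp-login.php` path, and default WordPress behaviour of answering a failed login with 200 and a successful one with a 302 redirect; the log lines, the `login_path` parameter and the threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Combined Log Format: ip - user [day:time zone] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def failed_logins_by_day(lines, login_path="/wp-login.php"):
    """Return {day: Counter({ip: failed_attempts})}.

    A POST to the login path answered with 200 counts as a failed attempt:
    WordPress re-renders the form on failure and redirects (302) on success.
    Lines that do not parse are skipped.
    """
    per_day = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if m["method"] == "POST" and path == login_path and m["status"] == "200":
            per_day[m["day"]][m["ip"]] += 1
    return dict(per_day)

def attackers(per_day, threshold=3):
    """Return {day: sorted IPs with at least `threshold` failed attempts}."""
    return {day: sorted(ip for ip, n in hits.items() if n >= threshold)
            for day, hits in per_day.items()}

def _line(ip, method, status, sec):
    # Builds one constructed access-log line (documentation IP ranges only).
    return (f'{ip} - - [10/Jan/2017:10:00:{sec:02d} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 1234 "-" "-"')

# Constructed sample: one noisy source, one user who mistyped once, one page view.
SAMPLE = (
    [_line("203.0.113.7", "POST", 200, s) for s in range(4)]
    + [_line("198.51.100.23", "POST", 200, 10),
       _line("198.51.100.23", "POST", 302, 20),
       _line("192.0.2.50", "GET", 200, 30),
       "truncated or garbled line"]
)

if __name__ == "__main__":
    for day, ips in attackers(failed_logins_by_day(SAMPLE)).items():
        print(day, len(ips), "IPs over threshold:", ips)
```

If a plugin has moved the login page, pass the new path as `login_path`; continued POSTs to the old `/wp-login.php` path are then worth counting separately, since legitimate users no longer use it.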