Bobcares

How to Troubleshoot and Fix WordPress Brute Force Attack

by | Oct 1, 2020

Would you like to protect your WordPress website from a brute force attack? Here are a few ways to avoid them.

Here at Bobcares, we have seen several such WordPress queries as part of our Server Management Services for web hosts, WordPress users, and online service providers.

Today we’ll take a look at how to troubleshoot and fix a Brute-Force Attack in WordPress.

 

What is a Brute Force Attack

A brute force attack is a hacking method that uses trial and error to break into a website. Normally, hackers use automated software to send a large number of requests to the target system. With each request, the software attempts to guess the information needed to gain access, such as passwords or PIN codes.

If a brute force attack is successful, the hackers gain access to your website’s admin area. They can then install backdoors or malware, steal user information, and delete everything present on your website.

Even if the brute force attack is unsuccessful, it can wreak havoc by sending too many requests which slow down your WordPress hosting servers and even crash them.

 

How to troubleshoot and fix a Brute-Force Attack in WordPress

Here are the different ways to troubleshoot a brute force attack.

 

1. Identifying the source of the Brute Force attack

The first step here is to identify the malware responsible for the malicious traffic. There are a lot of tools available for this. But ClamAV (http://www.clamav.net/) is a good tool to initially attempt to identify and remove the malware.

In order to install ClamAV in Ubuntu, Debian, and most Debian-based distributions, you can run:

$ sudo apt-get install clamav clamav-daemon

For CentOS 8, you need to enable the EPEL (https://fedoraproject.org/wiki/EPEL) repo, which is an official repository of packages supported by the Fedora Project, and then install ClamAV.

You can do this with a single command:

$ dnf --enablerepo=epel -y install clamav clamav-update

After installing ClamAV, you can scan your system with:

$ clamscan --infected --recursive /path/to/wordpress/sites

Note: Make sure to replace “/path/to/wordpress/sites” with the correct path for your WordPress site.

Sometimes, ClamAV fails to find any malware. In such cases, you would need to manually investigate and find the malware. A good starting point is to find and identify any recently uploaded files, based on the file’s timestamp information.

To do this, use the ‘find’ command:

$ find /path/to/wordpress/site -mtime -DAYS

Note: Make sure to replace “/path/to/wordpress/site” with the correct path for your WordPress site, and DAYS with how many days to go back, keeping the leading minus sign so that find matches files modified within that period.
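The manual search described above can be narrowed with two small helpers. This is an added example, not part of the original article: the function names are hypothetical, and it assumes the standard wp-content/uploads layout and GNU find.

```shell
#!/bin/sh
# Added example: triage recently modified files in a WordPress tree.
# Assumes the standard wp-content/uploads layout and GNU find (-printf).
# Function names are hypothetical.

# PHP-type files under wp-content/uploads changed in the last DAYS days.
# Uploads normally holds media only, so any hit deserves a manual look.
recent_upload_php() {
    root=$1; days=$2
    find "$root/wp-content/uploads" -type f -mtime "-$days" \
        \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.phar' \) \
        2>/dev/null | sort
}

# Every file changed in the last DAYS days, newest first, with its mtime.
recent_files() {
    root=$1; days=$2
    find "$root" -type f -mtime "-$days" -printf '%T+ %p\n' | sort -r
}

# Stand-alone use: ./script.sh /path/to/wordpress/site 7
if [ -n "${1:-}" ]; then
    echo "== PHP files in uploads =="; recent_upload_php "$1" "${2:-7}"
    echo "== All recent files ==";     recent_files "$1" "${2:-7}"
fi
```

Timestamps can be altered by whoever wrote the file, so treat an empty result as inconclusive rather than as a clean bill of health.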

 

2. Update the WordPress Installation

Once you have found the malware, the next step is to prevent the attacks from recurring in the future. For that, you can update your WordPress installation.

You can perform these updates from within WordPress’ administration UI in most cases, which does not require the use of any additional tools.

In a few cases, a theme or plugin may be abandoned by the author. Even though you have the latest version, the plugin or theme may have an issue that has not been fixed. In such a case, you can replace the abandoned component with one that is currently updated.

 

3. Secure the WordPress Installation Against Malicious Attacks

After removing the malicious files and ensuring that all the components are updated, you can now secure your WordPress website.

For that, you can update the passwords for all the users who have access to the administration UI. Make sure each one is a strong password.

Check the file system permissions. As a further step, you can enable a plugin that limits the number of failed login attempts, which reduces the risk of brute force attacks. The wp-limit-login-attempts plugin is a popular option to use.
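Before choosing a limit for failed logins, it helps to see how many login attempts each client is actually making. This is an added example, not part of the original article: it assumes an Apache/Nginx "combined" format access log, the function names are hypothetical, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: count POSTs to /wp-login.php per client IP in an access log.
# Assumes the "combined" log format; all names here are hypothetical.

# Write a constructed sample log (documentation-range IPs) to the given path.
write_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.7 - - [01/Oct/2020:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "constructed-agent"
203.0.113.7 - - [01/Oct/2020:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "constructed-agent"
203.0.113.7 - - [01/Oct/2020:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "constructed-agent"
203.0.113.7 - - [01/Oct/2020:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "constructed-agent"
198.51.100.20 - - [01/Oct/2020:10:00:05 +0000] "GET /wp-login.php HTTP/1.1" 200 2310 "-" "constructed-agent"
198.51.100.20 - - [01/Oct/2020:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "constructed-agent"
192.0.2.55 - - [01/Oct/2020:10:00:10 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "constructed-agent"
EOF
}

# Print "posts status200 ip" for each IP with at least MIN login POSTs.
# WordPress re-renders the login form with HTTP 200 on a failed login and
# redirects (302) on success, so the 200 column approximates failures.
login_posts_by_ip() {
    awk -v min="$2" '
        # Fields: $1 = client IP, $6 = quote + method, $7 = path, $9 = status
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php(\?|$)/ {
            posts[$1]++
            if ($9 == 200) failed[$1]++
        }
        END {
            for (ip in posts)
                if (posts[ip] >= min)
                    print posts[ip], failed[ip] + 0, ip
        }
    ' "$1" | sort -rn
}

# Stand-alone use: ./script.sh /path/to/access.log 20
if [ -n "${1:-}" ]; then
    login_posts_by_ip "$1" "${2:-20}"
fi
```

On the constructed log, a threshold of 3 reports only 203.0.113.7 with four POSTs, all answered with 200, while the single successful login from 198.51.100.20 stays below the limit.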

Lastly, consider using a WordPress security plugin like Jetpack or Wordfence.

You can also consider using a Firewall that filters out bad traffic and blocks it from accessing your site.

There are two types of website firewalls that you can use.

  • Application Level Firewall – This will examine the traffic once it reaches your server but before loading most WordPress scripts. This method is not very efficient because a brute force attack can still affect your server load.
  • DNS Level Website Firewall – This will route your website traffic through the firewall provider’s cloud proxy servers, which send only genuine traffic on to your main web hosting server while giving a boost to your WordPress speed and performance.

You can also try enabling Two-Factor authentication.


 

Conclusion

Today, we discussed brute force attacks and different ways to troubleshoot and fix a brute force attack in WordPress.
