Updated June 1, 2022Reading Time: 3 minutes
Security Plugin News
If you’ve been reading this blog for a while, you know that I am particularly strict about WordPress security. Our own website has seen a dramatic increase in brute force attacks… all unsuccessful, by the way. After digging into various plugins and other security measures, I’m happy to report of a new alliance that hopefully addresses this issue.
Botnet Brute Force Attacks Background
If you’re not familiar with brute force attacks on WordPress — or need an update of what’s been happening lately — let me give some background info.
First, WordPress is an open-source software. That means it’s free to use as the backbone for websites and blogs. Our agency specializes in WordPress because it provides a stable and easy-to-use platform for all sized businesses. You can add types of functionality through plugins — like eCommerce, event marketing, password-protected membership areas. It just takes time (and money) to make sure it integrates nicely.
Because WordPress is open-source… the coding is available to hackers. As security patches are issued by Automattic (run by co-creator of WordPress, Matt Mullenweg), bad guys are on the lookout for websites that are slow to upgrade. They use software (called botnet brute force software) to try to infiltrate weak passwords and other vulnerable links within a website. Hence why I harp on making sure that a business’ WordPress installation is up-to-date.
Automattic Bought BruteProtect
BruteProtect is a plugin that developed by Sam Hotchkiss back in 2013. You may recall that there were some headlines back chronicling a record number of WordPress websites experiencing brute force attacks. His brilliant idea? Create a plugin that could be added to Jetpack, a standardized all-around plugin offered by the makers of WordPress (Automattic). Sam was so successful that rather than investing in the coding venture Automattic decided to buy it. In my opinion, that’s the ultimate vote of confidence.
So how does this BruteProtect plugin work? Basically your website becomes part of a community. Similar to Akismet, a plugin to fight comment spam, BruteProtect bands together websites to guard against brute force attacks. Hackers hit one site and get repelled; then, the plugin takes it one step further. It communicates the offending IP address to the community thus blocking the hacker on all websites. I love that this plugin embraces the community culture of WordPress.
We’ve already installed BruteProtect and are testing it. We’re comparing its performance and compatibility with other security plugins like IP Blocker and Sucuri. In the coming weeks, we’ll keep you updated. Of course, if you want to talk about your website’s security one-on-one, give me a call.
How can we help?
How are you protecting your WordPress website?
We are the spectrum group online, and we offer strategic and tactical consulting so you can monetize your online presence. Call us for a complimentary 30-minute consultation to discuss your website’s user experience and translate that into sales.
photo credit top: Rob Pongsajapan
photo credit body: Tit Bonač