Updated March 1, 2025
Reading Time: 2 minutes
The WordPress Brute Force Attack has been breaking records recently. And not in a good way. Securi posted some alarming statistics on April 12, citing that the attack scans were triple from old averages — increasing from 30,000 to 100,000 per day. Now they’ve revised those figures to a million, measuring the attacks at 30x the average. On Monday’s post Securi included several graphs that show the severity of the incident as well as its timeline. Here’s a brief recap of the staggering stats:
- The average hovers between 30,000 to 40,000 malicious scans a day
- The height of the Brute Force Attack reached 1,100,000 on April 11
- The scans mysteriously dropped off by Sunday, April 14
Brute Force Attack Strategies
In our post yesterday, we shared 6 ways to keep your WordPress website safe. We’re pleased to see that three of our strategies made Securi’s list, including:
- Multi-factor or two-factor authentication
- Black listing IP addresses
- Better controls on Administrator roles and password combinations
Why?
There’s probably no simple answer to this question. I’ve been on the Internet a long time, probably before Al Gore invented it 😉 The reasons for hacking into websites are numerous. It could just be a benign prank to get media attention. Or they may be trying to inject malware in order to capture passwords (for infiltrating financial information).
What if we harnassed this computing power (and coding skills) for good? What amazing things could we accomplish together?
Protecting WordPress from Attack