
WordPress Sites Exploited Through Brute Force: 3 Simple Ways to Protect Yourself from the Attack

April 15, 2013 — by Yaniv Balmas

During the past week we noticed an abnormal increase of brute force attacks targeting WordPress applications.

The attacks use automated scripts that attempt to log in to the default WordPress admin login page using common usernames and passwords.

The brute force attacks originate from a large number of sources consisting of both legitimate web servers and private home computers. Several reports have been published which have positively identified almost 90,000 attacking sources.

Once a username and password are successfully guessed by the attacking script, it uses the gained admin credentials to upload a malicious script to the compromised server.

While many of the brute force attempts were unsuccessful in guessing the admin credentials, the high volume of the attacks has caused excessive resource utilization on the servers hosting the WordPress applications, making them unresponsive to legitimate users for the duration of the attack.

Mitigation Recommendation

In order to mitigate the attack, operators of WordPress servers are encouraged to use the following preventive measures:

Our ERT team confirmed 2 additional protection methods that may effectively mitigate the attacks. Since the attacks use common wordlists to perform the brute force, one method is to use JavaScript Web Challenges. This method has been proven to be successful in dropping the automated brute force tools while allowing legitimate JavaScript-capable clients to access the site. (Note that it is important to verify that legitimate clients support JavaScript in order to prevent false positives.)

The second is to use an abnormal applicative behavior detection appliance that secures Web applications. This can block these brute force attacks by detecting multiple unsuccessful login attempts to the WordPress login page originating from the same source in a short time period. The malicious sources can then be suspended or blocked for configurable timeframes.

Additionally, in scenarios where shared IPs are used (e.g. proxy servers), a throttling policy can also be applied in order to allow legitimate users to access the login page while effectively blocking malicious requests originating from that same IP address.
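As an added illustration (not part of Radware's post or of any Radware product), the following Python replays constructed web-server access-log lines, counts failed wp-login.php POSTs per source IP inside a sliding time window, and suspends a source for a configurable period once it crosses the threshold, which is the detection logic described above. The assumption that a failed WordPress login re-renders the form with a 200 while a successful one redirects with a 302 is a heuristic for this sample, not something the post states.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Apr/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3521
203.0.113.7 - - [15/Apr/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3521
203.0.113.7 - - [15/Apr/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3521
203.0.113.7 - - [15/Apr/2013:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3521
203.0.113.7 - - [15/Apr/2013:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3521
203.0.113.7 - - [15/Apr/2013:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3521
198.51.100.4 - - [15/Apr/2013:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3521
198.51.100.4 - - [15/Apr/2013:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0
198.51.100.4 - - [15/Apr/2013:10:20:00 +0000] "GET /wp-admin/ HTTP/1.1" 200 9000
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def parse(line):
    """Extract (ip, timestamp, method, path, status) from one access-log line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, method, path, int(status)

def detect_brute_force(log_text, threshold=5, window=timedelta(seconds=60),
                       block_for=timedelta(minutes=15)):
    """Return {ip: block_until} for sources with >= threshold failed logins per window."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failed login POSTs
    blocked = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ip, when, method, path, status = rec
        if ip in blocked and when < blocked[ip]:
            continue  # source is suspended; its requests are dropped until block_until
        # Assumed heuristic: failed login -> 200 (form shown again), success -> 302.
        if method == "POST" and path.startswith("/wp-login.php") and status == 200:
            recent = failures[ip]
            recent.append(when)
            while recent and when - recent[0] > window:
                recent.popleft()  # forget failures older than the sliding window
            if len(recent) >= threshold:
                blocked[ip] = when + block_for
                recent.clear()  # counting restarts once the suspension expires
    return blocked
```

For the shared-IP case the post describes, the outright block would be replaced by a per-source rate limit so that legitimate users behind the same proxy keep access; that variant is not shown here.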

Yaniv Balmas

Yaniv Balmas is a Security Researcher at Radware with over 8 years of experience in the cyber security field. In his current role, Mr. Balmas is responsible for analyzing cyber-attack tools and techniques, as well as searching for more effective methods to help protect against them.


  • pilule de slabit

    January 21, 2016 at 9:31 pm

    Tyvm for the useful information! I wouldn't have found this otherwise!

