How to combat the brute force attacks on WordPress blogs

We wrote 1.5 months ago, in the article “Botnet attack on WordPress”, about the ongoing distributed attack on the WordPress platform.

WordPress has a default administrator account called “admin”, which can be changed to any other user name upon installation. According to various sources, the attack tries up to 1000 of the most commonly used passwords.

Now we see that the attackers have added more intelligent checks to their attempts to gain access to the blog. They now parse the blogs, extract the names of the users who posted something and then try to guess the passwords of these users.

A very interesting fact is that these intelligent attacks come from only a few domains at the moment. The most used are,

All the other attempts to access the default “admin” account continue, and a lot of requests using the default account still come even from the domains mentioned above.

There are some easy ways to prevent an attacker from gaining access to your blog.

1. Set a strong password: this is the most basic measure, and it should be used in combination with any other method.

2. Rename the administrative account: On a new install you can simply create a new Administrative account and delete the default admin account. On an existing WordPress install you may rename the existing account in the MySQL command-line client with a command like UPDATE wp_users SET user_login = 'newuser' WHERE user_login = 'admin';, or by using a MySQL frontend like phpMyAdmin.

3. Change the table_prefix: Many published WordPress-specific SQL-injection attacks make the assumption that the table_prefix is wp_, the default. Changing this can block at least some SQL injection attacks.

4. Install a security plugin like Wordfence: Make sure you configure it to block the IPs which have failed login attempts. Set the number of attempts to 1. After setting up the plugin, you will see emails like this:

[image: wordfence-email]

A page has been published where various methods of hardening WordPress are described. However, they are extremely complex and should not be attempted by inexperienced users. If you have any doubts about the security of your installation, contact the ISP that hosts your blog.
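To check whether your own blog is being targeted, you can review the web server access log for repeated failed logins. The script below is an added example, not part of the original article or of any plugin: it assumes the Apache/nginx "combined" log format and default WordPress behaviour (a failed login to /wp-login.php answers 200, a successful one redirects with 302); the function name, the threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample events (documentation-range IPs), rendered below as
# access-log lines in the Apache/nginx "combined" format.
_EVENTS = [
    ("203.0.113.7", "POST", 200), ("203.0.113.7", "POST", 200),
    ("203.0.113.7", "POST", 200), ("203.0.113.7", "POST", 200),
    ("198.51.100.23", "POST", 200), ("198.51.100.23", "POST", 200),
    ("198.51.100.23", "POST", 200), ("198.51.100.23", "POST", 302),
    ("192.0.2.10", "GET", 200),   # just loading the login form
    ("192.0.2.10", "POST", 200),  # one typo ...
    ("192.0.2.10", "POST", 302),  # ... then a normal login
]
_FMT = ('{ip} - - [01/Jan/2024:10:{minute:02d}:00 +0000] '
        '"{method} /wp-login.php HTTP/1.1" {status} 3512 "-" "Mozilla/5.0"')
SAMPLE_LOG = "\n".join(
    _FMT.format(ip=ip, minute=i, method=method, status=status)
    for i, (ip, method, status) in enumerate(_EVENTS))

# client IP, timestamp, method, path, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def find_login_bruteforce(log_text, threshold=3):
    """Return (offenders, success_after_failures).

    offenders: {ip: failed_count} for IPs with >= threshold failed logins.
    success_after_failures: IPs that logged in successfully after already
    reaching the threshold; those accounts need a password reset.
    Assumption: default WordPress status codes (200 = failed, 302 = success).
    """
    failed = defaultdict(int)
    success_after_failures = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected format, skip
        ip, _ts, method, path, status = m.groups()
        if method != "POST" or path.split("?")[0] != "/wp-login.php":
            continue
        if status == "200":
            failed[ip] += 1
        elif status == "302" and failed.get(ip, 0) >= threshold:
            success_after_failures.add(ip)
    offenders = {ip: n for ip, n in failed.items() if n >= threshold}
    return offenders, success_after_failures

if __name__ == "__main__":
    print(find_login_bruteforce(SAMPLE_LOG))
```

An IP that appears in the second result should be treated as a possible account compromise, not just as a blocked attempt.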


This is a chapter in the free eBook "Improve your Security".

About the Author

Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, has been working in the IT security industry since 2000, and until 2014 worked for Avira as Product Manager, where he was responsible for the known products used by over 100 million users worldwide. Serving the security needs of so many different users made him think that there are other ways to help users: teaching them about security.
