Brute Force Attacks

frank

It seems a WordPress website I administer has been getting quite a few attempts by some nonentity trying to gain access to the wp-admin panel, which I assume is what's called a Brute Force Attack. Tonight has been about the fourth attempt in the past three weeks. Fortunately I have the WP plugin Limit Login set to two attempts then locked out for 24 hours, and also a captcha in the login page, so hopefully that will keep the hackers at bay.

The latest IP address 27.131.144.220, which traces back to Bangkok, Thailand, will be added to the list in the .htaccess file.

Is it really worth my while reporting these IP addresses to their ISP abuse dept (if one exists) or will they most likely belong to some poor sucker who doesn't know his IP address is being used for sinister purposes?
 
It's a common occurrence. What you could do is send the IP to your hosting provider and see if they can do something about it, like block traffic to the server from that IP address or IP range before it serves up your website.
 
Thanks Kayjay, my host put a .htaccess on my webspace with a list of IP addresses and I just add as needed.
 
24 hour lockout effectively negates these kinds of attacks, wouldn't worry about it.
 
That's handy, I didn't realise the admin folder name could be changed, I thought that would screw things up, nice one.
 
I got tonnes of these from all sorts of IP addresses. It started with one IP which I banned using the Wordfence Security plugin and then it seemed to kick off with login attempts from a multitude of IP addresses and countries - I'm guessing from the same person - too much of a coincidence otherwise. The vast majority of the time they are trying to get in via /wp-admin using "admin" or similar obvious user names. A quick piece of advice is never use anything obvious for a user name or password. Also install Wordfence. A great plugin for letting you know all sorts of things to do with people accessing your site.

I also tried the Lockdown WP Admin plugin but that didn't stop attempts via /wp-login which I wasn't happy with nor the lack of response/understanding on the support forum. I then changed to using the HC Custom WP-Admin URL plugin. It worked far better and has cut down the attempts massively.
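
Added example, not part of any post in this thread: a small Python script that counts failed wp-login.php attempts per IP in a web server access log and renders deny rules for the .htaccess list the thread mentions. The log lines are constructed samples, the threshold is illustrative, and the output assumes Apache 2.4 `Require` syntax.

```python
import re
from collections import Counter

# Constructed sample in Apache "combined" log format (documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:21:04:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:21:04:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:21:04:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.22 - - [12/Mar/2024:21:05:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2950 "-" "Mozilla/5.0"
198.51.100.22 - - [12/Mar/2024:21:05:12 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.50 - - [12/Mar/2024:21:06:00 +0000] "GET /blog/hello HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
"""

# client IP, request method, request path, response status
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def failed_logins(log_text):
    """Count POSTs to wp-login.php answered with 200, per client IP.

    Assumption: a failed WordPress login re-renders the form (200) while a
    successful one redirects (302), so 200 on a POST is treated as a failure.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, status = m.groups()
        is_login = path.split("?")[0].endswith("/wp-login.php")
        if method == "POST" and is_login and status == "200":
            counts[ip] += 1
    return counts


def offenders(log_text, threshold=3):
    """IPs with at least `threshold` failed attempts (threshold is illustrative)."""
    return sorted(ip for ip, n in failed_logins(log_text).items() if n >= threshold)


def htaccess_block(ips):
    """Render deny rules in Apache 2.4 syntax; Apache 2.2 hosts use 'Deny from'."""
    rules = "\n".join(f"    Require not ip {ip}" for ip in ips)
    return f"<RequireAll>\n    Require all granted\n{rules}\n</RequireAll>"


if __name__ == "__main__":
    print(failed_logins(SAMPLE_LOG))
    print(htaccess_block(offenders(SAMPLE_LOG)))
```

Attempts spread across many addresses, as described in the post above, can each stay under a per-IP threshold, so the total count of failed logins across all IPs is worth watching as well.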
 