Last week in the President’s cyber security op-ed in the Wall Street Journal he implored Americans to move beyond simple passwords and to enable two factor authentication or cellphone sign-in. One of the things we monitor at Wordfence is the number of brute force attacks on WordPress websites. Brute force attacks are password guessing attacks, where an attacker tries to sign in as you by guessing your password. To give you an idea of the level of attacks in the wild, we gathered data on brute force attacks across the sites we protect within a 16 hour Window starting Sunday until Monday (yesterday) at 2pm Pacific time. Here are the highlights. Remember, this is only over a 16 hour window which is relatively short. During this time we saw a total of 6,611,909 attacks targeting 72,532 individual websites. We saw attacks during this time from 8,941 unique IP addresses and the average number of attacks per victim website was 6.26. The total number of attacking IP’s was actually 55,391 but we only counted IP’s that generated more than 10 failed logins across all sites. That way we excluded accidental login failures. So where are these attacks coming from. The results are not what you would
Share This