This: Brute Force Attacks Build WordPress Botnet

Brute Force Attacks Build WordPress Botnet

I am seeing this sort of activity every day and the scale has gone bonkers recently. One of my sites was seeing an attack with several thousand intrusion attempts per hour, but each from unique IPs. Each IP was only used once or twice at most. I had to turn off the blacklist email notifications from our bot filter so that I didn’t go through my monthly sending quota in a matter of hours.

Thankfully we’re still standing because it was relatively easy to make adjustments to our bot filtering system but still. yikes.

I realise this isn’t exactly news (given the date of the article) but this fight has been ongoing for a while now.  Recently things seem to have escalated though as both defensive and offensive sides have been upping their game. WordPress security is now something you actually need to have a plan for or prepared to become a casualty. Not if but when.

WordPress is great in so many ways, but its popularity makes it attractive as a botnet platform, as well as the bandwidth from the nice always-on servers vs compromised pcs, which tend to get switched off and have crappy upload speeds.

It’s so easy to get going with wordpress (by design) that it ensures the “botherders” have an almost endless source of potential zombies by way of folks who haven’t yet figured out that wordpress security is actually a thing.

Krebs’ was apparently taken down recently by a DDOS from IoT devices so imagine what you could do with a network of wordpress sites…


If you run a wordpress site and don’t run somesort of defences, the chances are you’re probably not monitoring login notifications either which means that you’re not seeing the potentially thousands of intrusion attempts on your site that are happening all the time and at best occupying your server by making it load the page thousands of times for someone who’s trying to harm you.

So basically you won’t even know that anything’s going on until it’s already happened.


Welcome to Plus8 web development

Welcome to Plus8 web development. This site rebuild is long overdue but till recently the old site was based on drupal 6 which is no longer supported and had to be pulled since it was a security risk.

My client’ sites are still my priority so progress here is likely to be somewhat slow but hopefully there will be some 🙂

Much of my client work is confidential so there won’t be much by way of examples but there is likely to be some ranting about adwords, split-testing, marketing, wordpress, random coding projects, security and of course bots.

Nothing to see here, move along.