Wordfence’s Latest About Security
The Wordfence threat report
Wordfence, a leader in WordPress security, has released its yearly threat report. Over the past twelve months, Wordfence software blocked over 90 billion malicious login attempts. That’s 2,800 unsuccessful attempts a second. The threat report is an excellent resource for alerting website owners and operators about the kinds of attacks, the frequency at which they occur, and what can be done to prevent site damage.
According to Forbes,
As the largest content management system in the world, WordPress has a huge bullseye painted on it, attracting hackers worldwide. There are several reasons why hackers go after WordPress sites, none of those reasons are . The WordPress organization and the security community are transparent when software weaknesses do occur. There are several vulnerability databases where known threats to plugins, themes, and the WordPress core are cataloged. The listings include information about the type of threat, a description, timeline, and a proof of concept (POC) describing the process that can be used to breach the software. Publishing this data, especially the POC, is delayed briefly to allow time to patch the software involved. Often the details available in the POC contain enough information that even script kiddies can take down an out-of-date, poorly maintained website.
The 90 billion malicious login attempts mentioned in the first paragraph represent the most common attack made on WordPress sites. Brute force and other password-related attempts are the number one threat. Almost any security plugin you choose will help with these types of attacks. They can even protect us from ourselves by requiring strong passwords.
The Wordfence report shows the second largest number of blocked attempts were to exploit technical vulnerabilities. These technical attacks are best addressed by an effective firewall solution. As with brute force protection, there are many good security plugins with an effective firewall.
For the third type of threat, Wordfence found over 70 million malicious files on 1.2 million WordPress sites. Over 17% of these infected files came from nulled plugins or themes. These nulled items are pirated copies of paid products. The sites providing the nulled software will break the product keys so that the software will run without being paid for and remove any reference to the original author.
The sites distributing the stolen software may appear to be reputable and certainly do not explain that they are using work stolen from the original developers. It is also very likely these “free” plugins and themes contain, at best, adware and, at worst, virus-laden malware.
The providers of nulled software are rewarded for their efforts by the malicious advertising they have added to the legitimate programs. They can also leave themselves backdoor access to websites using modified software. There is no technical deterrent that prevents nulled software. Hopefully, educating WordPress users about the dangers of pirated software will slow the growth of this type of malware.
To wrap up, the Wordfence report identified three of the most widespread threats faced by WordPress website users. They were malicious login attempts, attempts to exploit vulnerabilities, and dangerous files spread from nulled software.
Using Wordfence or other quality security plugins plus keeping your WordPress site properly maintained and up to date will make a hacker’s job much more difficult. Most hacking attempts use automated scripts, looking for files to exploit. The time it takes to harden and secure your website helps to send these automated thieves looking for easier sites to attack.