Think no one is trying to hack into your WordPress site? Think again. When I completed the redesign of this site around May 1st, I installed a plugin called “Limit Login Attempts”. From the plugin page:
“By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.
Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.”
I set the options to lock out the IP address of the user attempting to log in after 4 failed attempts. In 9 weeks this plugin has locked out 2,992 attempted logins. That’s almost 48 per day. I’m guessing that, since my site gets a relatively small amount of traffic compared to a lot of sites, this is well below the average for hacking attempts.
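The lockout behaviour described above, sketched as an added example (this is not the plugin's code): a per-IP counter that blocks an address after 4 failed attempts. The 20-minute lockout, the 12-hour retry window and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

MAX_RETRIES = 4            # the post's setting: lock out after 4 failed attempts
LOCKOUT_SECONDS = 20 * 60  # assumption: lockout length is not stated in the post
RETRY_WINDOW = 12 * 3600   # assumption: older failures are forgotten


class LoginLimiter:
    """Per-IP failed-login counter with a temporary lockout."""

    def __init__(self):
        self.failures = defaultdict(list)  # ip -> timestamps of recent failures
        self.locked_until = {}             # ip -> time the lockout expires
        self.lockouts = 0                  # lockouts triggered so far

    def is_locked(self, ip, now):
        return self.locked_until.get(ip, 0) > now

    def attempt(self, ip, now, password_ok):
        """Handle one login attempt; return 'blocked', 'ok' or 'failed'."""
        if self.is_locked(ip, now):
            return "blocked"  # rejected before the password is checked
        if password_ok:
            self.failures.pop(ip, None)
            return "ok"
        recent = [t for t in self.failures[ip] if now - t < RETRY_WINDOW]
        recent.append(now)
        self.failures[ip] = recent
        if len(recent) >= MAX_RETRIES:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            self.failures.pop(ip)
            self.lockouts += 1
        return "failed"


def replay(events):
    """Feed (timestamp, ip, password_ok) events through a fresh limiter."""
    limiter = LoginLimiter()
    return limiter, [limiter.attempt(ip, ts, ok) for ts, ip, ok in events]


# Constructed sample: one address guessing once per second, one ordinary user.
SAMPLE = sorted(
    [(t, "203.0.113.7", False) for t in range(10)]
    + [(5, "198.51.100.20", False), (30, "198.51.100.20", True),
       (2000, "203.0.113.7", False)]
)

if __name__ == "__main__":
    limiter, results = replay(SAMPLE)
    print(limiter.lockouts, "lockout;", results.count("blocked"), "attempts blocked")
```

In the sample, only the first four of the ten rapid guesses reach the password check, while the ordinary user who mistypes once still logs in.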
The bottom line is, if my little site is getting attacked this frequently, it’s safe to say any WordPress installation is getting attacked regularly. If you do not take measures to prevent it, it’s only a matter of time before your site gets hacked.
My next post will discuss some measures you can take to protect your WordPress site from being hacked.