Six Million Site Attacks in 16 Hours



Site security has steadily become a more overt and pressing challenge globally, and WordPress’ rising ubiquity makes it an obvious target for nefarious attempts and exploitation. One of Annunciation’s preferred security tool providers (Wordfence) recently published the below results of a 16-hr audit of attacks to illustrate the scope and volume of these threats:

Last week in the President’s cyber security op-ed in the Wall Street Journal he implored Americans to move beyond simple passwords and to enable two factor authentication or cellphone sign-in.

One of the things we monitor at Wordfence is the number of brute force attacks on WordPress websites. Brute force attacks are password guessing attacks, where an attacker tries to sign in as you by guessing your password.

To give you an idea of the level of attacks in the wild, we gathered data on brute force attacks across the sites we protect within a 16 hour Window starting Sunday until Monday (yesterday) at 2pm Pacific time.

Here are the highlights. Remember, this is only over a 16 hour window which is relatively short.

During this time we saw a total of 6,611,909 attacks targeting 72,532 individual websites. We saw attacks during this time from 8,941 unique IP addresses and the average number of attacks per victim website was 6.26.