5 Comments

  1. J.D.

    I think it may be worth pointing out that despite the terminology employed by many of these companies in the WordPress security space, these technically aren’t “brute force” attacks. They are dictionary attacks of some form, which only target weak, commonly-used passwords. This is evidenced by the low volume of attempts from each of the pwned devices. A brute force attack would be an attempt to run every single possible password combination, up to a certain number of characters in length. This requires an unimaginably enormous volume of attempts, and as such, it is seldom, if ever, employed on the web. The time and resources needed to mount such an attack would not be worth it, at least not for attacks on random websites, only possibly in a targeted attack on a particular person/business/site. It is much easier just to run a dictionary attack with a few of the most common username/password combinations. Avoiding having your site exploited via a dictionary attack is as simple as using a strong password, and ideally also not using the “admin” username.
    Of course, raising awareness about insecure routers is certainly a good thing. It is sad to say that many routers are insecure and require maintenance on the part of average internet users, who have no idea about it. I’m thinking of purchasing a new router in the near future myself, and I’m hesitant to know which one to choose.

  2. Ron

    My router is an Asus Cellspot router from T-Mobile, and when I run the test it tells me I am safe.

  3. Lyle Wilson

    I’ve had my site up for about a year and Jetpack Protect reports 23,022 malicious login attempts. Is this in the normal range or am I being targeted? I have also recently switched to using Cloudflare and it seems to have leveled off. Found out last night that my pops has Zyxel (from CenturyLink); I’ll have to check next time I’m there.

  4. Steve Ashley

    I insisted to our ISP that we own and operate our own router: out of the blue, it attempted to add remote access without my consent during a maintenance visit. I refused as it potentially gave it access to our network devices, so the company installed its own router which we then wired into with our two routers. It gives us an added layer of protection, although of course the ISP router could still be compromised by a hacker if the company leaves open port 7547.

  5. David

    Just two days ago, I came across a security plugin called CipherCoin; I am sure there are other such plugins available. These plugins are said to protect WordPress sites against such brute attacks by limiting the number of login attempts by any unauthorized source.

Comments are closed.