Apparently there are a number of brute-force attacks going on for WordPress and Joomla websites. A friend’s site had an error.php file containing 62000 lines of invalid login attempts. The 2 WordPress sites I host (this one and Friends of Baildon Moor) were hacked. I posted before about belatedly “upgrading” the passwords used on the sites.
I have now installed a plugin that adds a delay to the login form if there are several invalid login attempts. I must admit I am taking their word for it that it is going to affect bot-generated login attempts. I don’t know how it can introduce a delay to an HTTP request that is simply saying “login please with this username and this password”. What does it matter that the site only responds after 30 seconds? How is it then going to say “Ok. I am not listening to your next request for x seconds.”? Surely this only affects actual users with a web browser?
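An added example (not from the original post, and not the plugin's code): a minimal sketch of how a server can enforce a lockout by keeping failure counts keyed by client IP, so the refusal happens on the server whether the client is a browser or a script. The class name, thresholds and IP addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class LoginThrottle:
    """Server-side lockout state keyed by client IP (hypothetical design)."""
    max_failures: int = 3        # failures allowed before a lockout starts
    lockout_seconds: int = 30    # how long further attempts are refused
    failures: dict = field(default_factory=dict)      # ip -> consecutive failures
    locked_until: dict = field(default_factory=dict)  # ip -> unlock timestamp

    def attempt(self, ip, password_ok, now):
        """Return 'locked', 'ok' or 'invalid' for one login POST at time `now`."""
        if now < self.locked_until.get(ip, 0):
            return "locked"      # refused before the password is even checked
        if password_ok:
            self.failures.pop(ip, None)
            return "ok"
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] >= self.max_failures:
            self.locked_until[ip] = now + self.lockout_seconds
            self.failures[ip] = 0
        return "invalid"


def simulate(seconds, throttle, ip="203.0.113.7"):
    """Constructed traffic: one wrong-password POST per second from one address."""
    results = [throttle.attempt(ip, False, t) for t in range(seconds)]
    return {"checked": results.count("invalid"), "refused": results.count("locked")}


if __name__ == "__main__":
    # 120 requests sent, but only a handful ever reach the password check.
    print(simulate(120, LoginThrottle()))
```

Because the state lives on the server, a locked address is refused even when it sends the correct password, while other addresses are unaffected. Per-address state only limits each address individually, so it is usually combined with per-username counters.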