Hack Attempt - How I Stopped a Brute Force Attack

preview_player
Показать описание
A few days ago, someone tried to brute force attack my website but they were unsuccessful. In this video I am going to tell you exactly what this type of attack is and what I did to stop it.

  1. Web Monkey
  2. WordPress
Рекомендации по теме
22 AWESOME HACKS 0:13:09

22 AWESOME HACKS AND DIYs YOU SHOULD TRY

Kitchen hack is 0:01:00

Kitchen hack is easy and clean! 🍅

*Best Hacks to 0:00:26

*Best Hacks to Try! (DIY Life Hacks, Science Experiments, & Crafts)*

Hair in the 0:00:33

Hair in the Way? 🍝 Try This Amazing Dining Hack!

We Try Life 0:23:03

We Try Life Hacks That Actually Work

'Lithium-ion Battery Soldering 0:00:40

'Lithium-ion Battery Soldering Hacks You Must Try!' #shorts #ytshorts #lithiumbattery #hac...

Saw This Weird 0:00:18

Saw This Weird Hack On Internet 🙆🏻‍♀️ Lets Try #makeuphack #contourhack #viralhacks

Have you tried 0:00:12

Have you tried this #hack before?👀 #makeup #trending #broken #shadow #howto #beauty #veganmakeup

Try this hair 0:00:20

Try this hair hack for open hair 😱🥀#shorts #ytshorts #ytshortsindia #suhanasingh #trending #hack...

Which style hack 0:00:22

Which style hack would you try? 🥰 outfit details on my LTK❤️| fashion outfit inspo style tips ootd...

Which style hack 0:00:18

Which style hack would you try? 🥰 outfit details on my LTK❤️| fashion outfit inspo style tips ootd...

Trying the viral 0:00:13

Trying the viral off shoulder hack

Trying to escape 0:00:25

Trying to escape from a car trunk

Don't try this 0:00:23

Don't try this lipstick hack #lipstick #mackuphack #makeup #youtubeshorts

We Try Crazy 0:23:10

We Try Crazy TikTok Life Hacks

When your pants 0:00:10

When your pants are too long try this 🙌🏻 #stylinghack #viraltape #hack

Nose ring hack 0:00:16

Nose ring hack try for wedding function and photoshoot #hack #craft #diy

Trying the Viral 0:00:44

Trying the Viral Cinnamon Roll Hack from TikTok #shorts #cinnamonroll #cinnamonrollrecipe

Unbelievable New Hacks 0:00:29

Unbelievable New Hacks You Must Try

MUST TRY Nutella 0:00:14

MUST TRY Nutella hack 🤩 #shorts

You need to 0:00:13

You need to try this hack !!🎀✨ #fyp #hack #aesthetic #youneedtotry

I tried a 0:00:37

I tried a viral lipstic hack #hack #lipstics

Viral curls hack 0:00:16

Viral curls hack 🤯😱 #try kiya🤯 #youtubeshorts #hairtutorial #shorts #curls #hack #shortvideo #video...

My BIGGEST Dairy 0:00:20

My BIGGEST Dairy Queen ice cream hack

Комментарии
Автор

Thanks for the info and solution! It was good to hear how you approached and solved the problem after creating your own login page.

nihsumi
Автор

I was having a lot of brute force attacks on my site a couple of months ago. And even though they never breached my account what happened was my server's resources were overloaded and my site was effectively "crashed" for about 10 - 15 minutes a few times each day. I did install Wordfence and it did help but what really made a difference was installing the CDN Cloudflare.

loreauvillephil
Автор

what about 2FA authentication for your admin panel?

ChatFoootballWithDez
Автор

In the free iTheme plugin this feature is already build in.

franzhuber
Автор

Thanks for the video Alex.
I would like to point out some things about security. Most important is that this video is specific on brute force attack, and there are also other attacks, that recaptcha and changing the login page will not do any good. So about brute force attack,
1. You said that you cannot use the noCaptcha plugin, because you have a custom made page for login. Elementor gives you a re captcha to use, and every form now days do the same.
2. There is also a 3rd way to improve the login process, and that is the 2fa, witch wordfence supports it in the free version.
3. A major difference between adding a security field (recaptcha) and changing the login page, is the request the bot will do to the server. Every try to access the login page is a request, and every try to add a username and a password is a different request (that the server will respond with no recatcha error). This adds more load to the server and if it an attack from more than 1 bot, they can even overload the server and bring an access error.
4. Changing the login URL of the login page, may cause sometimes a conflict. It is not common, but there are some services, that try to add or access something from the wp-login. Again it is not very common but I have seen it happen in a website.
As for the question at the end, why people done it, there are many answers and the most common is money. Some attacks maybe for promotion, for redirection, for extracting user information and credit card details or for getting CPU resources to mine and other stuff.
Thanks again for the video.

stratos-tutorials
Автор

I'm sorry you got attacked.
Thank you for the valuable info though on how to protect a wordpress website.

Dispatern
Автор

What would have happened if you just ignored the problem? How bad would it be?

DroDro