Why My WordPress Blog Is Being Attacked?

My WordPress blog has been live for about 30 days and I’m shocked at the malicious attempts to gain access to it.  Not quite sure what exactly the motivation is but it can be daunting for non-IT bloggers to see Brute Force attacks from IP addresses on the other side of the world.

I figured I would take some time to write about some of the activities going on in the last 30 days.  Let’s take a peek behind the curtains.

The Activities on My WordPress Blog

Snapshot of Attacks By Country to Sage Knows IT

In the last 30 days, my firewalls have blocked more than 35 IP addresses that attempted to breach my blog.  The majority of the attempts have originated from Asian countries including Indonesia, China, South Korea and Hong Kong to name a few.

What I find most fascinating is the attack vector or method they are using to gain access.  Based on the timestamps and frequency of the attacks, the attackers are likely using a brute force attack or automated scripts to gain a foothold into the website.  This means that they are not actually visiting my website but using a program that automatically submits usernames and passwords drawn from a common or collective list of passwords.

Furthermore, the user is adapting by changing their IP address after they get locked out.  This would also mean that the origin of the attack by country may not be the true location of the attacker.  Talk about covering your tracks.

Failed Login Attempt to Sage Knows IT

Lastly, I want to point out that I notice the user names they are attempting to use are very generic.  Not complaining.  Just seems they are common things like part of the domain URL, words scraped from the website or admin.  This leads me to believe that there may be a significant number of WordPress users that do not change their default user names or passwords after signing up.
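
The two signals described above, failures arriving at machine speed and the same generic usernames reappearing from new addresses after a lockout, can be checked against an export of failed logins. This is an added example, not code from the original post; the log format, the addresses and the `exampleblog` username are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample: timestamp, source IP, username tried (assumed format,
# not the output of any specific plugin).
SAMPLE_LOG = """\
2020-05-01T03:14:01 203.0.113.10 admin
2020-05-01T03:14:03 203.0.113.10 admin
2020-05-01T03:14:05 203.0.113.10 admin
2020-05-01T03:14:07 203.0.113.10 exampleblog
2020-05-01T03:20:11 198.51.100.7 admin
2020-05-01T03:20:13 198.51.100.7 admin
2020-05-01T03:26:40 192.0.2.55 admin
2020-05-01T03:26:42 192.0.2.55 exampleblog
2020-05-01T09:02:17 192.0.2.200 jsmith
"""

def parse(log):
    """Return (time, ip, username) tuples in time order, skipping bad lines."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3:
            events.append((datetime.fromisoformat(parts[0]), parts[1], parts[2]))
    return sorted(events)

def rapid_ips(events, max_gap=timedelta(seconds=5), min_run=3):
    """IPs with min_run or more failures spaced at most max_gap apart:
    the timing of a script, not of a person typing."""
    last, run, flagged = {}, {}, set()
    for ts, ip, _ in events:
        run[ip] = run[ip] + 1 if ip in last and ts - last[ip] <= max_gap else 1
        last[ip] = ts
        if run[ip] >= min_run:
            flagged.add(ip)
    return flagged

def rotated_usernames(events, min_ips=3):
    """Usernames that failed from min_ips or more distinct addresses:
    the same guess list continuing after a per-IP lockout."""
    seen = {}
    for _, ip, user in events:
        seen.setdefault(user, set()).add(ip)
    return {u: sorted(ips) for u, ips in seen.items() if len(ips) >= min_ips}

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    print("machine-speed sources:", rapid_ips(events))
    print("usernames tried across rotating IPs:", rotated_usernames(events))
```

Only the first address trips the per-IP timing check, while grouping by username still ties the later, slower attempts from new addresses to the same campaign.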

Why Is My WordPress Blog Being Attacked?

It is hard to pinpoint the exact motivation of threat actors.  I recall listening to a highly popular security podcast 3-5 years ago called Paul's Security Weekly where it was suggested that WordPress (self-hosted) was among the top platforms attacked daily due to the wide variety of plug-in vulnerabilities.  This could be because more than a third of self-hosted websites are using WordPress as their content management system.

As to the motivation of these activities, no one knows for sure unless they make a public statement. It has been my professional experience that these activities fall under 5 motives including financial, political (hacktivist), malicious, clout-based or accidental.  Perhaps in another post we can explore these more.

Despite the attacks, I do not believe that I or this blog is being targeted per se.  I believe this is all just part of the attacker’s philosophy. The mindset is to go where the fat is; that’s to say, you have a better chance of success where everyone is rather than where a select few are: Windows over Macs, Facebook over the now defunct Google+ and yes, Android over iPhones (although iPhones seem to have the more high-profile breaches).  You get the gist.

Security is typically an afterthought for the uninformed and only relevant when the user has been directly impacted.  That is to say, it’s more reactionary than precautionary for the majority of content creators.  This lack of dedication is the reason why attackers are so successful.  The only way to curb the attack surface is to take security seriously.

What Can I Do To Protect My WordPress Blog?

There are many things you can do to protect your blog and next week I will recommend 4 action steps you can take to secure your blog.  Here is a sneak peek on passwords:

If there is a default password to get into your blog, change it and change it now.  As I alluded to in the last section, there are many password lists that consist of usernames and passwords from known breaches, but they also include default passwords like admin, password or password123.

Remember to use best practices when it comes to creating a password.  Passwords should be a minimum of 8 characters long and include uppercase letters, lowercase letters, numbers and symbols.  Avoid using personal information in your passwords like the name of your family members or pets.

Learning Opportunities

In these times, I think reflection is important.  As stated previously, I don’t think this WordPress blog is being targeted but in order to catch as many fish as possible, you have to go to the ocean and not your local pond and I believe that is what the attackers are doing.  

I know that I cannot get rid of the threats or attacks but taking precautionary steps instead of reactionary steps should help the longevity of the blog.

Next week, I will be releasing a few tips and tricks that I hope you find useful to help protect your WordPress Blog from being compromised. Feel free to drop your own tips and tricks in the comment section below.



Drawing on over two decades of experience in the Information Technology industry, I have acquired a diverse range of roles that have shaped my distinctive outlook. Through this journey, I have developed into an accomplished authority in risk management, catering to Fortune 500 companies and small businesses on a global scale. Over the past 12 years, my primary focus has centered on empowering small business owners and insurance professionals to comprehend the ramifications of cyber incidents and effectively mitigate the risks associated with potential data breaches. My passion for cybersecurity has inspired me to create the Sage Knows IT blog. Through this platform, I aim to help small business owners and aspiring IT professionals understand the roadmap of the IT industry based on my experiences. Information Technology and Information Security are crucial for our future, and I hope my blog will motivate those who are interested in joining this ever-evolving field.
