Breaking: Aggressive WordPress Brute Force Attack Campaign Started Today, 3am UTC

This entry was posted in WordPress Security on December 18, 2017 by Mark Maunder   8 Replies

This morning at 3am Wordfence reported a massive distributed brute force attack campaign targeting WordPress websites. The attack is broad in that it uses a large number of attacking IPs, and is also deep in that each IP is generating a huge number of attacks. This is the most aggressive campaign we have seen to date, peaking at over 14 million attacks per hour.

The attack campaign was so severe that they had to scale up our logging infrastructure to cope with the volume when it kicked off, which makes it clear that this is the highest volume attack that we have seen in Wordfence history, since 2012.

The campaign continues to ramp up in volume during the past hour as we publish this post.

Brute Force Attack Chart

Read the full Attack Story.