Brute force attacks hit thousands of websites every single day. What is a brute force attack and what can you do to stop it from happening to you?
To visualize what a brute force attack is, imagine you come home one day to find that you are locked out of your house. Someone has changed all the locks and is lounging in his drawers on your couch eating lasagna and wiping his hands on your draperies. You see a sign in the window that demands a ransom if you ever want access to your house again.
While this seems an unlikely scenario with your physical home, your company’s home on the internet, being open to the global public, can be open to all sorts of attacks just like this one.
Why You Need Good Security
Brute force attacks leverage knowledge about your CMS to find the bankend login on your website. The hackers then run scripts which make rapid login attempts to try to gain access to your site.
This is known as a “brute force” attack because, unlike the finesse of a traditional lock-picker, it relies on the trial-and-error of thousands of attempts as the computer running the script tries as many combinations of characters as its processing power can handle. Hackers use databases of common passwords and typical patterns of letter and number combinations to speed up the process.
Once they have achieved a successful login, your website is free for them to do with as they please. Sometimes, they will ask for a ransom or set up malware but, many times, they might not leave any trace of hacking at all.
Hackers can create a secret bankend entrance to your site for them to access whenever they so choose. They will probably wait a while to throw off any suspicion. When they do strike, it may seem to come out of nowhere. This can be scary for your brand as hackers have been known to use their access to impersonate and spread false information in the company’s name.
WordPress Vulnerabilities and What to Do About Them
A majority of the internet runs on content management systems (otherwise known as a CMS) that can be customized to suit specific needs. These CMSs provide the framework for custom web design firms, such as Key Web Concepts, to build according to whatever purpose the website needs to accomplish. WordPress is the arguably the most powerful CMS on the market and enables Key Web to build beautiful customized websites.
One inherent “flaw” to this is that, with so many websites running on similar CMSs, hackers have a better idea what they are doing. WordPress developers designed their CMS as an open-source software.
Being open-source means that WordPress encourages customization of their program by making the program source code available to everyone. Third-party software development teams then use this information to build very useful plugins to accomplish specific tasks. This extends the possibilities of the CMS far beyond what any one development team could come up with.
However, with how many websites are running on WordPress, hackers can study up on what it takes to hack a WordPress site and know that, as the most powerful CMS out there, 32% of all websites on the internet use it.
Hackers can also use chinks in the armor of the plugins you may have installed on your website. When third-parties create supplemental tools to run on a CMS platform, there is no guarantee that their security efforts are as airtight as the platform itself. WordPress frequently releases updates for its platform as a whole to continually cover any security threats but plugin developers might not necessarily be as vigil.
What Can You Do?
If your site has already been hacked, give us a call. It is possible that we can clean your site of malware and keep your online presence safe.
If you are worried about future attacks to your site, consider installing a security plugin on your website. Security plugins can do everything from hiding the login portal to banning suspicious IP address with too many failed login attempts. Some can even block countries where you don’t plan to do business so that only potential customers can view your site. These plugins gather data about hacks when they happen and update their program to block the latest threats.
For Key Web customers, our Pro website hosting package includes the installation of several security plugins to cover all of the bases. By continually monitoring your security, we will ensure that you win the ongoing battle of website security. Your website will stay safe.