WordPress Attacks Way Up in December

January 9, 2017 | Written by: Jeffrey Friend | Filed under: Security,Wordpress

I just read a new report from our friends at Wordfence regarding WordPress attacks in December, and it confirms what we’ve been seeing on our network of sites. Wordfence is a brilliant security plugin that provides free enterprise-class WordPress security.

According to the report, Wordfence tracked 63 million complex attacks and 67 million brute force attacks against WordPress sites last month. 63 million. Let that sink in for a minute. A brute force attack is a password guessing attack that is simplistic and has a low likelihood of success. At Wordfence we consider a ‘complex’ attack to be an attack that tries to exploit a vulnerability in WordPress or a WordPress plugin.


blocked brute force attacks on wordpress in december 2016


blocked complex attacks on wordpress in december 2016

Charts courtesy of Wordfence Attack Activity Report

The Ukraine has the most attacks logged with a total of 13 out of 25 top attack IPs. Surprisingly to me, France ranks second for the most IPs in the top 25 list with a total of 7 attack IPs. Another surprise are attacks from Seychelles, an island off the east coast of Africa that I frankly had not ever hear of before). Seychelles has a population of just over 90,000 and is officially the smallest sovereign African nation. Wordfence logged 2.2 million complex attacks originating in Seychelles.

The report also lists which plugins were most targeted by attacks in December 2016, and which themes were most commonly targeted.

Do you have someone contracted to handle maintenance on your WordPress site? A good maintenance contractor would keep your website and plugins up-to-date, and have protection in place to prevent these types of attacks. Contact us if you need help.

No Comments

No comments yet.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.