The name sounds scary, because it is!
It’s no longer just Computer Security, Firewalls and Spam; Website Security is very much a reality of website ownership and management in today’s digital landscape.
So why the scare tactic?
Recently, we became a random target of what’s known in the industry as a Brute Force Attack. We wanted to share how this impacted us, and how it could have significantly impacted our clients if not for our:
1. Web-Sta’s Fully Managed WordPress Hosting (FMWH) Activity + Monitoring Software
2. Security-Centric + Technically-Minded Web-Sta Team; and,
3. Hosting Tech Support Crew
The great news is, we isolated, rectified and stopped these attacks in their tracks. We have further secured our Client sites to shield / block future attack attempts, and are now investing the time to share the vital importance of your website security and how we’re focused on keeping your most valuable digital asset safe.
For more information on a Brute Force Attack, here are some FAQs we collated:
- What is a Brute Force Attack? “A brute force login attack is one of the most common (and least subtle) attacks conducted against Web applications”. Source: computerweekly.com
- How do they work? Without the right protection “…it’s possible for automated tools — which are readily available on the Internet — to submit thousands of password attempts in a matter of seconds (or less)…” Source: computerweekly.com. So, it’s basically automated software designed to keep guessing unique username and password combinations. The problem is, it’s fast and it doesn’t sleep, eat or get distracted.
- What are they for? “The aim of a brute force attack is to gain access to user accounts by repeatedly trying to guess the password of a user or a group of users”. Source: computerweekly.com. Using what is essentially a trial-and-error approach (as known in Cryptography), the purpose of such an attack varies: from obtaining login credentials and compromising security to gather financial, contact or medical data, to uploading malicious content / code and a variety of other unwanted and often illegal activity.
- Are they Illegal? “Brute-force attack is in itself not illegal, but, as with many things, can be used in a way that is illegal. You should consider any attack on a system/network for which you do not have permission as illegal”. Source: hackthis.co.uk
- What problems can they cause? Without the right monitoring and alerts in place, here are some examples of what you could be risking.
  - Slow Page Load Speed // Due to the volume of traffic on the hosting server, websites can start performing at a snail’s pace, and nobody likes a slow website.
  - Compromised Data // Including customer contact details from online form submissions, newsletter database and even online shopping cart information.
  - Unauthorised Access // From social media accounts, payment platforms through to Google tracking, your website is likely tapped into several eMarketing tools that you would prefer to keep protected.
  - Access to Website’s Core Files // From malicious code being installed, a crashed website, error messages to a website that redirects to a completely different website. All can be lengthy and costly issues to resolve.
— CASE STUDY —
In our case, we experienced extremely slow website performance. This was caused by 1000s of attack attempts, which looked like traffic, simultaneously hitting our hosting servers. As a protection mechanism, our server intentionally slowed performance on some of our large client sites to stop itself from shutting down. While this protection protocol stopped sites from crashing (which is great news), it unfortunately flows into poor user experience with slow page load times and, left unattended for too long, can have an impact on Google ranking plus sales and enquiries (the not so great news).
We have your WordPress Website’s Back!
You’ve possibly come across the “You’ll be logged out after three failed login attempts” message. This is actually one of the many security measures employed to prevent unwanted access to your digital platforms. Here are some other processes we’ve added to further lock down and protect your greatest digital asset.
- Progressive Delays // In the event of an attack attempt on your Web-Sta Hosted WordPress website, specialist software, added by us, triggers certain red flags and your website will block the recognised IP address for up to 2 months. This significantly reduces the traffic load on your hosting and further protects your website.
- Challenge-Response // A prime example of this is an online form reCAPTCHA requiring the user to enter a word, solve a math problem or correctly respond to a visual challenge to ensure the user is, in fact, a person. At the end of 2018, we released our PPRS Upgrade Package to our WordPress Website Clients that incorporated this important piece of online form security.
- Strong Passwords // We’ve always been advocates for strong passwords. On occasion, our systems will force you to update your password to something more secure and therefore, harder for hackers of the human and digital varieties to guess. “Longer passwords, passphrases and keys have more possible values, making them exponentially more difficult to crack than shorter ones.” Source: Wikipedia
- Security Monitoring // For our valued clients, we like to keep things transparent. We send a monthly Fully Managed WordPress Hosting Report that includes details of our ongoing security monitoring.
- Security Software // We use Wordfence… leaders in WordPress website protection.
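
The failed-login lockout and IP block described in the list above, sketched as an added example (not Web-Sta's or Wordfence's code): it reads web-server access-log lines, counts failed WordPress logins per IP, and plans blocks that double on each repeat up to a 60-day cap. The thresholds, the `make_line` helper and the sample log are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values (not Web-Sta's or Wordfence's real settings).
MAX_FAILS = 3                      # failed logins tolerated per window
WINDOW = timedelta(minutes=5)
BASE_BLOCK = timedelta(hours=1)    # first block; doubles on each repeat
MAX_BLOCK = timedelta(days=60)     # cap, matching "up to 2 months"
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def failed_logins(lines):
    """Yield (ip, time) per failed login. Heuristic: a POST to wp-login.php
    answered 200 (form shown again) failed; a success gets a 302 redirect."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue               # not a combined-log-format line
        ip, ts, method, path, status = m.groups()
        is_login = path.split("?")[0].endswith("/wp-login.php")
        if method == "POST" and is_login and status == "200":
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")

def plan_blocks(lines):
    """Return [(ip, blocked_from, blocked_until)] under the policy above."""
    recent = defaultdict(deque)    # ip -> times of recent failures
    strikes = defaultdict(int)     # ip -> number of blocks so far
    blocked_until, blocks = {}, []
    for ip, t in failed_logins(lines):
        if ip in blocked_until and t < blocked_until[ip]:
            continue               # already blocked; request would be dropped
        q = recent[ip]
        q.append(t)
        while t - q[0] > WINDOW:   # forget failures older than the window
            q.popleft()
        if len(q) >= MAX_FAILS:
            # exponent is capped so repeated doubling cannot overflow
            length = min(BASE_BLOCK * 2 ** min(strikes[ip], 11), MAX_BLOCK)
            strikes[ip] += 1
            blocked_until[ip] = t + length
            blocks.append((ip, t, t + length))
            q.clear()
    return blocks

def make_line(ip, hhmmss, status):  # hypothetical helper: one constructed line
    return (f'{ip} - - [10/Mar/2019:{hhmmss} +0000] '
            f'"POST /wp-login.php HTTP/1.1" {status} 4211')

# Constructed sample log using documentation IP ranges, not real traffic.
SAMPLE = ([make_line("203.0.113.7", f"02:00:{s:02d}", 200) for s in range(6)]
          + [make_line("203.0.113.7", f"04:00:{s:02d}", 200) for s in range(3)]
          + [make_line("198.51.100.20", "09:15:00", 200),
             make_line("198.51.100.20", "09:15:20", 302)])
```

On the sample, the guessing IP is blocked for one hour and then two hours when it returns, while the visitor who mistyped a password once and then logged in is never blocked.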
And this is just the beginning
This only really skims the surface of the severity and impact of Brute Force Attacks and website security, as well as the importance of the systems and procedures required to monitor and manage this on your behalf. We trust it brings to light just how important it is to have the right hosting provider, the right protection security, and the right back-ups if and when required.
If you are not already a Web-Sta customer and you’re interested in learning about how our Fully Managed WordPress Hosting can save you a whole lot of time, money and worry, contact us today.