I received your Security Log zip file. Your site is being brute force attacked at a rate of 160 attacks per minute|2.7 attacks per second. This is a relatively low|mild brute force attack. A moderate brute force attack would be 1200 attacks per minute|20 attacks per second. A heavy|extreme brute force attack would be 6000 attacks per minute|100 attacks per second.
BPS Pro Login Security and JTC Anti-Spam|Anti-Hacker are both designed to stop brute force attacks in a way that do not cause any significant server or website resource usage. Each individual brute force attack is killed before database/login connection processing occurs. When a brute force attack is occurring you can expect to receive more automated Security Log zip file emails since more Security Log entries are being created during the attack. Brute force attacks can last several days. When the brute force attack ends you will receive a “normal” amount of automated Security Log zip file emails again. Since all BPS Pro log file handling is automated you do not need to do anything else. Since BPS Pro is designed specifically to handle brute force attacks you do not need to do anything else.
Side Note: Several people have sent me a link to a website that makes this incorrect/invalid claim below. The incorrect/invalid statement below could not be more wrong. Brute force login attacks make up the largest percentage of website attacks by far. Since brute force attacks occur more frequently than any other type of attack and are constantly increasing then I would estimate that brute force attacks make up 85% or more (probably actually 90% to 95%) of all website attacks. Or in other words, when I tally up the total number of blocked and logged brute force attacks vs all the other types of blocked and logged attacks in our Security Logs, 85% or more of the Security Log file entries are blocked and logged brute force attacks. So Login Security that has brute force protection capability is the #1 most important and essential website security protection measure that every website should have.
Almost all the WordPress security plugins focus mainly on login security. But statistics indicate that brute force login attacks make up a very small percentage of attacks.
- This reply was modified 4 hours, 14 minutes ago by AITpro Admin.
- This reply was modified 4 hours, 11 minutes ago by AITpro Admin.
- This reply was modified 3 hours, 57 minutes ago by AITpro Admin.
- This reply was modified 3 hours, 51 minutes ago by AITpro Admin.
- This reply was modified 3 hours, 50 minutes ago by AITpro Admin.
- This reply was modified 3 hours, 48 minutes ago by AITpro Admin.
- This reply was modified 3 hours, 42 minutes ago by AITpro Admin.