The Wordfence 2020 WordPress Threat Report notes more than 90 billion malicious login attempts on the 4+ million sites using Wordfence in 2000. Doing a bit of math, that’s about 60 malicious login attempts on every site every day. I’m not at all sure 60 is exactly correct, but it seems about right based on what I find in my Cloudflare firewall logs – and it’s a big number.
Gotta take precautions. Strong password and limit login attempts at an absolute minimum. I also obfuscate my login URL and use Cloudflare firewall rules to block these nefarious attacks before they even get near my site or its server.
The Wordfence Report also notes 4.3 billion vulnerability exploit attempts targeting WordPress. That’s roughly two attempts per site every day. Again, gotta take precautions. Always keep WP, themes, and plugins up-to-date. Most especially, never used a nulled theme or plugin. Malware from nulled themes and plugins has become the most common malware threat to WordPress.
I don’t use Wordfence, but I believe it to be a good security solution for most WP users. Also, I very much like the Wordfence WP security blog.
