brute force attack prevention/help

Hello! A client WordPress site got hacked last year, and a bunch of spam pages, posts, and admin user accounts were added. I deleted everything I could find but I’m still continuously having issues with this site. There are spam links that were indexed in GSC, brute force attacks are still happening, and now because of the amount of traffic going to it to try and hack into it, the site is going down. Any thoughts on what to do to prevent it? Do they need a fresh WordPress install or a new domain? Thanks in advance!

1 Comment
  1. Couple questions. Are they using a web application firewall like Wordfence? Does the server have firewall rules setup? If you can access the admin panel, then change the primary admin/owner password, install wordfence, and start blocking IP addresses. Is everything up to date? There could be vulnerable plugins installed. Need more information.


This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer