[ad_1]
1,000+ of these. Luckily, we were able to get a permanent ban on this IP and they’ve since stopped (knock on wood). In addition to hundreds of spam form submissions (we’ve since enabled reCaptcha) and hundreds of spam comments (yep, disabled commenting too). Some weird brute force attack?
We have strong passwords forced and 2FA enforced for all users. No weird site logins, no unrecognized users.
We’ve done multiple malware scans. Everything is clean. No malware found, no file changes. Did this within Wordfence, ManageWP, and Hostinger (where we have the site hosted).
So in light of all that…what should be our next move?
[ad_2]
Looks like a normal vulnerability scan. As long as your WP, theme and plugins are all up to date (and are actively maintained), and you’re using strong passwords, you don’t really have much to worry about.
Rather than blocking IP addresses, you’re better off setting up a WF rule to block *.amazonaws.com traffic altogether. If you want added protection, that won’t tax your webserver in an ‘attack’, use Cloudflare.
Yeah, if I were a betting man, I’d say you’re _probably_ fine. You seem to have good security protocols in place so there’s not really much to do…if the attacks stopped like you said then yeah you’re hopefully in the clear. Keep everything up to date and just double check all of your plugins are from solid developers.
To echo the other user here, you might want to check out CloudFlare though if you are frequently on the receiving end of attacks like this.
>Virginia
It’s over…
It’s hard to tell what field they are attacking from the screenshot. If it’s wp-login.php, you could try to change the URL of your login page with a plugin (I’ve used “WPS Hide Login”).