increased attack rate

Resolved davidr11
(@davidr11)

1 year, 11 months ago

Starting on April 23, I’ve been getting a stream of emails from Wordfence with the subject line “increased attack rate” – maybe 20 to 40 emails a day, spaced minutes or hours apart. I searched in the forum and found a list of suggestions of settings to ensure that my site is secure, which I followed, as well as the advice that it’s normal for WordPress sites to be attacked. I just want some reassurance that I don’t need to do anything else to secure the site, or some help to understand why this suddenly started two weeks ago and has continued since then. I’ve had Wordfence installed for years, so I’m not sure why this is suddenly happening. The blog itself is fairly small and not any more active now than it ever has been in the past.
Thanks!

The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Support wfpeter
(@wfpeter)

1 year, 11 months ago
Hi @davidr11, thanks for getting in touch!

I see that you’re aware that attack rates can indeed sometimes increase without a correlation between visibility of your site, for example on search engines, or even whether a specific vulnerablity is being attempted on your site’s configuration. I do understand that it can be concerning to see though.

If you could run a new scan and send a copy of your site diagnostics to wftest @ wordfence . com, I’d be more than happy to take a quick look for anything standing out as an issue. You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

If the increased rates are being successfully dealt with by Wordfence and are not resulting in downtime for your site, you could change your email alert preferences to receive less notifications of this type. I would however keep the following active for security reasons:
Email Alert Preferences Screenshot
- Email me if Wordfence is deactivated
- Alert me with scan results of this severity level or greater: Critical or High
- Alert me when someone with administrator access signs in & Only alerts me when that administrator signs in from a new device or location
Once again these are just a suggestion, you can choose what settings fit best for you. Keep in mind by deactivating these notifications, you may be lowering your ability to quickly react to an attack or vulnerability.

You can also manage your alerts via Wordfence Central:
https://www.wordfence.com/help/central/settings/

Thanks,

Peter.
WFSupport
(@wfsupport)

1 year, 11 months ago

Thanks for reaching out. An increased attack rate would happen for one primary reason – attackers are more active. Most likely, a bot is running a script against your site to see if they could find a security hole. Since all of the requests were blocked, there is nothing you need to do. The emails are just letting you know that Wordfence is taking care of it.

You can also disable this email if you want since there is no action you need to take when attacks increase. It’s more of a notification for people who may want to dig further. But that would be more out of curiously that necessity. If you want to disable the option, it’s called “Alert me when there’s a large increase in attacks detected on my site” and you can find it by searching at the top of the Wordfence “All Options” page.

Unfortunately, large attack rates is an everyday occurrence on WordPress sites. That is, of course, precisely why developed Wordfence.

If you have any other questions or concerns, just let me know.

Thread Starter davidr11
(@davidr11)

1 year, 11 months ago

Thanks for the reply. I’m sure you get this question a lot, and I appreciate your taking the time to answer me.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘increased attack rate’ is closed to new replies.