A brute force attack may be the cause of the frequent 504 and 403 errors on your WordPress site. We will explain the symptoms and how to deal with this issue.

Server overload due to brute force attack

A brute force attack is an attack technique that takes the WordPress administrator’s ID (which is relatively easy to obtain) and a dictionary of tens of thousands of commonly used passwords, then repeatedly attempts to log in until one of the passwords matches and the login succeeds.

If the password is strong enough, the login will not be successful. However, this attack may cause tens of thousands of accesses to the server in a short period of time, resulting in frequent 504(*) or 403 errors.

What are 504 and 403 errors?
A 503 error is an error where the server is overloaded and stops processing before retrieving data or displaying the site. Some servers (e.g., major shared servers) may also return a 403 error, automatically rejecting requests when the server is overloaded.

How can I find out if my site is being brute-force attacked?

One way to check if your site is being brute-forced is to look at the server logs. If the logs record an excessive number of accesses to wp-login.php and xmlrpc.php, these files may be under a brute force attack.
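One way to run the log check described above, as an added example (not code from the original page or from any plugin): it counts POST requests to wp-login.php and xmlrpc.php per client IP and per minute in a combined-format access log. The log format, the constructed sample lines and the threshold of 5 requests per minute are assumptions.

```python
import re
from collections import Counter, defaultdict

# Assumes the Apache/Nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
TARGETS = ("/wp-login.php", "/xmlrpc.php")


def peak_login_rate(log_text):
    """Per client IP: (total POSTs, peak POSTs in one minute) to the login endpoints."""
    per_minute = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line, or a GET that only displays the form
        path = m["path"].split("?", 1)[0]
        if path.endswith(TARGETS):
            per_minute[m["ip"]][m["ts"][:17]] += 1  # bucket "dd/Mon/yyyy:HH:MM"
    return {ip: (sum(c.values()), max(c.values())) for ip, c in per_minute.items()}


def suspects(log_text, per_minute_threshold=5):
    """IPs whose peak per-minute POST count reaches the threshold (assumed value)."""
    return sorted(ip for ip, (_, peak) in peak_login_rate(log_text).items()
                  if peak >= per_minute_threshold)


def _line(ip, sec, method, path, status):
    # Helper that builds one constructed combined-format log line.
    return (f'{ip} - - [12/Mar/2024:10:{sec // 60:02d}:{sec % 60:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "constructed-sample"')


# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.10", s, "POST", "/wp-login.php", 200) for s in range(0, 40, 5)]
    + [_line("203.0.113.10", 60 + s, "POST", "/xmlrpc.php", 403) for s in range(0, 20, 5)]
    + [_line("198.51.100.7", 30, "GET", "/wp-login.php", 200),
       _line("198.51.100.7", 45, "POST", "/wp-login.php", 302),
       _line("198.51.100.7", 50, "GET", "/", 200)])

if __name__ == "__main__":
    for ip, (total, peak) in peak_login_rate(SAMPLE_LOG).items():
        print(f"{ip}: {total} login POSTs, peak {peak}/minute")
    print("suspects:", suspects(SAMPLE_LOG))
```

To use it on a real log, pass the file's contents to `suspects()` and tune the threshold to the site's normal login traffic.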

A security plugin can also detect brute force attacks.
You can detect brute force attacks with the Hack Monitor feature enabled in the [Free] WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].

The recorded brute force attacks are shown in the figure below

To resolve the overload caused by brute force attacks

Here are some measures to resolve server overload caused by brute force attacks.

Eliminate log bloat
Brute force attacks can increase the server load by bloating the site’s access logs, access analysis, and security logs.
(If there are millions of logs in the database, simply writing new logs can slow down the site significantly and cause 503 errors.)
In this case, it is possible to reduce the number of logs or prevent new logs from being recorded, thereby reducing the likelihood of 503 errors.

Protect the login screen
You can protect the login screen by using a security plugin or similar tool to block access to wp-login.php and xmlrpc.php, which are vulnerable to brute force attacks, or to prevent excessive access to these files.
It is also effective to directly block the IP address of the brute force attacker, which prevents the attacker from accessing the site.

Reference
Why and How to Prevent WordPress Brute Force Attacks with Login Screen Security Alone

We hope this was helpful.
