Blog sites attract cybercriminals. They are simply great targets. Every website with a login (including blogs like WordPress) is a target for brute force attacks: relentless assaults that capitalize on automated trial-and-error methods to gain unauthorized access. In essence, this attack usually focuses on a single username and tries hundreds (or more) of common passwords.

Blog sites are appealing targets for several reasons, not least because they are easy targets. They are often run by individuals who are not paying attention to security in the first place, and many sites still have “admin” as the default username because … well, people are lazy and easily confused about how to set up new logins.

Below is an example of a clear brute force attack. On most days, there are few failed login attempts, and that is normal, but when you see a spike in attempts every few days, that’s a warning that you are on the radar and your blog is under attack! Don’t be upset; no one is under the radar these days.
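The pattern described above (a quiet baseline of failed logins, then a sharp spike aimed mostly at one username) can be checked with a short script. This is an added example, not part of the original post; the (day, username) event format and all sample data are constructed, and the thresholds are assumptions to tune for your own site.

```python
from collections import Counter, defaultdict
from statistics import median


def build_sample_log():
    """Constructed sample data: one (day, username) tuple per failed login."""
    quiet_days = {"2024-03-01": 3, "2024-03-02": 2, "2024-03-03": 4,
                  "2024-03-05": 1, "2024-03-06": 3, "2024-03-07": 2}
    events = []
    for day, n in quiet_days.items():
        # Normal noise: a few different users mistyping their passwords.
        events += [(day, user) for user in ["alice", "bob", "admin", "carol"][:n]]
    # Two attack days: hundreds of attempts against a single username.
    events += [("2024-03-04", "admin")] * 240 + [("2024-03-04", "alice")] * 2
    events += [("2024-03-08", "admin")] * 310
    return events


def find_spikes(events, factor=10, min_failures=20):
    """Flag days whose failed-login count is far above the median day.

    Returns {day: (total_failures, most_targeted_user, share_of_failures)}.
    factor and min_failures are assumed thresholds, not recommendations.
    """
    per_day = defaultdict(Counter)
    for day, user in events:
        per_day[day][user] += 1
    if not per_day:
        return {}  # no failed logins recorded, nothing to flag
    totals = {day: sum(users.values()) for day, users in per_day.items()}
    baseline = max(median(totals.values()), 1)  # avoid a zero baseline
    spikes = {}
    for day, total in sorted(totals.items()):
        if total >= min_failures and total > factor * baseline:
            user, hits = per_day[day].most_common(1)[0]
            # A share near 1.0 means the attack is fixed on one username.
            spikes[day] = (total, user, round(hits / total, 2))
    return spikes


if __name__ == "__main__":
    for day, (total, user, share) in find_spikes(build_sample_log()).items():
        print(f"{day}: {total} failed logins, {share:.0%} against '{user}'")
```

Using the median as the baseline keeps the attack days themselves from inflating what counts as normal.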

Why attack a blog site?

Firstly, they often house valuable user data, including personal information and email addresses, which can be used for identity theft or sold on the dark web. Moreover, compromised blog sites can be utilized to spread malware or launch larger-scale attacks on visitors, thereby expanding the attacker’s reach. Even if the site isn’t used for these malevolent purposes, the logins could be used to help game social media and search engine results through automated posts.

How do you mitigate the risks?

There is always a risk of clever and unique attacks, but basic hygiene will stop 99% of the attacks out there. The basics include implementing multi-factor authentication, limiting login attempts, and regularly updating software to patch vulnerabilities. Requiring users to adopt strong password practices is another best practice. Also, though out of your control, password managers are a great way to allow you to use unique passwords for every website.

If you are interested, there are many security-related plugins for blog platforms. Jetpack has a free (basic) version and there are many others.

While traditional blogs are being replaced by micro-blogging social media sites, the WordPress platform is still used by millions. Pay attention to your plugins, keep them updated, and pay attention to security!


Paul Bergman runs a business strategy and cybersecurity consulting company in San Diego. He writes on cybersecurity and board management for both corporate and nonprofit boards.
