The number of WordPress website attacks is on the rise, with more than a quarter coming from Amazon Web Services (AWS) EC2 cloud instances.
About 5,000 of the 77,000 IP addresses that have tried to log into WordPress installations originate from Amazon’s EC2 instances, according to WordPress security experts Wordfence.
Ram Gall, QA engineer and threat analyst at Wordfence, said that the attackers began exhibiting malicious behavior only last week, and as a result their IP addresses have been blacklisted.
“While AWS makes it easy for businesses to move to the cloud, attackers are also utilizing the scale provided by cloud services, including AWS, in increasing numbers,” stated Gall.
A list of 40 IP addresses containing over one million malicious login attempts was posted by Gall on November 17, 2021. All of them had been on Wordfence’s blocklist for almost a year before I discovered them.
According to Gall, the persistence of these IPs could indicate that the attackers are paying for them. On the basis of this assumption, he asserts that websites must ensure they have the right mitigations in place ” since it has never been easier to inexpensively attack millions of sites at once.”
As a solution, he recommends using a password manager. He cites incidents like the recent GoDaddy breach during which attackers stole a large number of passwords, which they then used to log into other sites thanks to users using the same credentials on different websites.
The use of two-factor authentication (2FA) in addition to strong passwords would increase security vastly for it is an “extremely efficient” method of website security according to Gall.