A recent blog post by WordPress security firm Wordfence reports some very serious findings:
Last week, in the President’s cyber security op-ed in the Wall Street Journal, he implored Americans to move beyond simple passwords and to enable two-factor authentication or cellphone sign-in.
One of the things we monitor at Wordfence is the number of brute force attacks on WordPress websites. Brute force attacks are password guessing attacks, where an attacker tries to sign in as you by guessing your password.
To give you an idea of the level of attacks in the wild, we gathered data on brute force attacks across the sites we protect within a 16-hour window starting Sunday until Monday (yesterday) at 2pm Pacific time.
Here are the highlights. Remember, this is only over a 16-hour window, which is relatively short.
During this time we saw a total of 6,611,909 attacks targeting 72,532 individual websites. We saw attacks during this time from 8,941 unique IP addresses and the average number of attacks per victim website was 6.26.
One of the simplest ways you can protect yourself, your online activity and accounts, and your website is to use two-factor authentication (2FA). 2FA means verifying your identity in two ways: typically a user name and password is the first factor, and the second is verified using a smartphone with an app, a text message, or a physical device.
I use multiple ways of 2FA, primarily because there isn’t one universally accepted method. I verify my identity via text message with one of my hosting providers; I use Google’s Authenticator app on my smartphone for several websites. I like Clef (another app) for secure WordPress logins.
To make life easier, I also use the password app LastPass to store login info for hundreds of sites. It works on all devices and, of course, it uses two-factor authentication. (I do opt for the paid version; it is well worth $12 a year.)
You can read more about 2FA on CNET: http://www.cnet.com/news/two-factor-authentication-what-you-need-to-know-faq/
And, you can check websites which support 2FA here: https://twofactorauth.org/