Looking through the logs for my website, it's quite common to see 50 to 100 entries per day showing attempts to crack the password on my WordPress Admin panel. These are mostly compromised systems that are part of automated Botnets crawling the interwebs for vulnerable systems. Everything seemed perfectly normal with my security plugins detecting and reporting on those attempts, that is until January, when an email from my web host arrived advising me that nztechie.com was churning through too much CPU and overloading the host server.
It was my WordPress admin logon page being hit 27,400 times in one day that started all this. It wasn’t network bandwidth that was being exhausted but CPU. After some additional investigation and discussions with my web host, we actually found that it was my Wordfence Security plugin causing the issue! Wordfence is a great security plugin with an excellent spread of features to assist with hardening a WordPress Blog and I thoroughly recommend it. One of those features is a ‘live traffic’ display showing in real-time a plethora of information about your visitors. Unfortunately, this uses CPU cycles (even if you are not actively using it), and with lots of hack attempts it ramped up CPU utilisation to what my host claimed was exhaustion.
After some additional research I found that I could apply this additional protection to specific pages through the use of page rules. My WordPress login pages are now protected with this and it seems to be doing a great job! Wordfence is no longer showing the usual daily list of attempts as they are all being blocked at the edge via CloudFlare and I can safely turn Wordfence Live Traffic back on.
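
A way to spot this kind of spike in the raw access logs, as an added example that is not part of the original post: it tallies POST requests to wp-login.php per day and per source IP and flags days far above the usual 50 to 100. The Combined Log Format, the 10x threshold, and all sample lines, dates and addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed input: Apache/nginx Combined Log Format lines.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*"')
LOGIN_PATH = "/wp-login.php"
DAILY_BASELINE = 100  # upper end of the 50-100 attempts/day the post calls normal


def login_attempts(lines):
    """Return (per-day, per-(day, ip)) Counters of POSTs to wp-login.php."""
    per_day, per_day_ip = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore malformed or truncated lines
        path = m["path"].split("?", 1)[0]  # drop any query string
        if m["method"] == "POST" and path == LOGIN_PATH:
            per_day[m["day"]] += 1
            per_day_ip[(m["day"], m["ip"])] += 1
    return per_day, per_day_ip


def spike_days(per_day, baseline=DAILY_BASELINE, factor=10):
    """Days whose login POST count exceeds factor x baseline (assumed threshold)."""
    return sorted(d for d, n in per_day.items() if n > baseline * factor)


def constructed_sample():
    """Constructed log lines: one ordinary day and one flood day."""
    fmt = '{ip} - - [{day}:10:00:00 +0000] "{req} HTTP/1.1" 200 512 "-" "-"'
    lines = [fmt.format(ip=f"192.0.2.{i % 5}", day="10/Jan/2024",
                        req="POST /wp-login.php") for i in range(60)]
    lines += [fmt.format(ip=f"198.51.100.{i % 20}", day="11/Jan/2024",
                         req="POST /wp-login.php") for i in range(1500)]
    lines.append(fmt.format(ip="203.0.113.9", day="11/Jan/2024",
                            req="GET /wp-login.php?action=lostpassword"))
    lines.append("not a log line")
    return lines


if __name__ == "__main__":
    per_day, per_day_ip = login_attempts(constructed_sample())
    for day in spike_days(per_day):
        top = [(ip, n) for (d, ip), n in per_day_ip.most_common() if d == day][:3]
        print(day, per_day[day], "login POSTs; top sources:", top)
```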