Brute force attacks can make the log big – here’s why and how to stop it

In the support forum for Simple History, some people have raised concerns that the Simple History database tables are growing large (for example, this thread and this thread).

The reason for this is that Simple History is really good at logging things. So if your WordPress blog is hit by a large number of brute force attacks, all those failed login attempts will be logged in Simple History. Nothing wrong with that, that’s the purpose of the plugin. But the number of rows can be huge – like over a million for some sites. And that can be an issue on some low-cost hosts where you have a limited amount of storage/disk space.

Here’s what Simple History is doing to keep the database small – and a solution to keep the number of login attempts down to a minimum:

One solution is: don’t. Keep logging all those login attempts, but make them occur much less often.

Updated Simple History makes the database grow slower

Since version 2.5 of Simple History the amount of data stored for each failed login attempt is less than in earlier versions. This includes shorter variable names, less data stored, and optimized log messages.

This change should make the database with logged events grow a bit slower.

Events are removed after 60 days

The database with all events that Simple History stores is not saved forever. Events that are older than 60 days are cleared out at regular intervals. So it can’t grow forever, and if you follow the instructions in the next section the log should slowly begin to decrease in size.

To keep your blog more secure and to stop brute force attacks you should install a security plugin that stops these attacks.

How to stop all failed login attempts from being logged

The best way is not to stop them from being logged; the best way is to stop the attacks. Since brute force attacks against WordPress are common, there are WordPress security plugins available to prevent these attacks.

I’ve tested Jetpack with successful results, but several other plugins exist too. Check out the blog post I wrote earlier about this: Stop login attempts from hackers with these 7 security plugins.

Millions of failed logins every day

You’re not the only one who’s getting attacked. Just this last Sunday (December 13) Sucuri reported 47.8 million failed logins on the sites that they monitor.

WordPress Brute Force Attacks