Thread: Brute Force Attacks On WordPress Underway

  1. #1 vangogh

    Brute Force Attacks On WordPress Underway

    If you run a WordPress site and haven't yet heard, there's a brute force attack being coordinated against WordPress sites the last few days. I was alerted to it sometime last week by my web host who started putting things in place to help prevent the attack, but could potentially slow down the server at times. A client of mine received a similar email from a different web host.

    The gist of what's happening is a bot net is attempting to log in to any WordPress site it finds. The attack is using the knowledge that the default admin username on WordPress sites is admin. It's then using brute force to try as many passwords as possible.

    If you run a WordPress site there are a couple of things you should do at a minimum.

    1. Change or remove any accounts on your site with the username admin. If admin is your only admin account you'll want to create a new admin account with a different username first.

    2. Make sure your passwords are secure. Then make sure they're even more secure than that.

    Here are a few links to information about what's going on and a couple of methods for how to change the admin username.

    Brute Force Attacks Build WordPress Botnet
    WordPress and spam: How to protect yourself
    How to Change Your Admin User Name in WordPress

    You might also want to search for security plugins. I usually hear good things about Better WP Security.

    Lock down those WP sites.

  2. #2 WebEminence

    Thanks for the warning Vangogh.

    I was doing some reading about this last week. I was looking at the security plugins and did also hear good things about Better WP Security.

    I ended up installing WordFence mainly for its limit login feature, which limits the number of unsuccessful login attempts and locks out a user. This may help prevent or discourage the attempts at login that may cause server issues. It's important to realize that it's not just the successful break-in that is a problem but also the DoS effect when a bot tries to log in millions of times.

    I think most of these security plugins have a limit login feature.

  3. #3 vangogh

    I forget which plugin I added, but I did include a limit login type of feature. The most immediate thing people should do is get rid of the admin username and make sure they're using strong passwords.

    Some of the plugins do things like change the default URLs for some common WordPress pages like the login page. That way automated attackers won't find it easily or at all. Automattic offers a full security solution with Vault Press. It's subscription based, so it will cost something. At the low end they back up your site and can restore it should something go wrong. On the high end they do security scanning.

  4. #4

    Very helpful! Thanks for the heads up, VanGogh.

  5. #5 vangogh

    I haven't seen as much news about the attacks the last week or so. They might have slowed down. Still it's always a good idea to be conscious of security.

  6. #6 Harold Mansfield

    Funny thing happened to me last week that made me think of this thread.

    I woke up one morning and had like 40 email alerts that some a**hole in the Ukraine from the same IP address found my login screen, and was intent on guessing my password.
    At first I banned the IP address, and he just came back with another one.
    Then I banned any IP after 3 attempts, but he just kept coming.

    So finally I banned any IP address after one bad attempt and that stopped him. And I just left it like that.

    A couple of days ago, I was staging my login screen to take some screen captures and accidentally hit the "Enter" button, which of course didn't let me in.
    But then when I wanted to log in, I couldn't and got a white screen with an error message that I don't normally ever see. I kept trying to log in and I kept getting the white screen of death.

    I was freaked out for about 10 minutes, before I realized that I still had it set to ban every bad attempt and had inadvertently locked myself out of my own site.

    But man, I was pretty happy when I finally figured it out.
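The limit-login behaviour WebEminence describes in #2 (count failed attempts, lock the source out) and the self-lockout Harold ran into in #6, as an added example that is not from the thread or from any plugin named in it: a Python pass over constructed Apache access-log lines that counts failed wp-login.php POSTs per IP inside a sliding window, locks an IP once it crosses a threshold, and exempts an allowlisted address so the site owner cannot lock themselves out. It assumes the common heuristic that a failed WordPress login answers with 200 and a successful one with a 302 redirect; the IPs, timestamps and thresholds are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Heuristic (assumption): a failed wp-login.php POST is answered with 200 (form
# re-rendered) and a successful one with a 302 redirect into wp-admin.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"POST /wp-login\.php[^"]*" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Constructed sample access-log lines (Apache combined format), not from the thread.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Apr/2013:06:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Apr/2013:06:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Apr/2013:06:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
198.51.100.9 - - [15/Apr/2013:06:02:10 +0000] "GET /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
198.51.100.9 - - [15/Apr/2013:06:02:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
192.0.2.44 - - [15/Apr/2013:06:03:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
192.0.2.44 - - [15/Apr/2013:06:03:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
192.0.2.44 - - [15/Apr/2013:06:03:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
192.0.2.44 - - [15/Apr/2013:06:03:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

def parse(line):
    # Return (ip, timestamp, status) for a wp-login.php POST, else None.
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FMT), int(m["status"])

def lockouts(lines, threshold=3, window=timedelta(minutes=5),
             lockout=timedelta(minutes=30), allowlist=frozenset()):
    """Sliding-window lockout: an IP with >= threshold failures inside `window` is
    locked until its last failure + `lockout`. A successful login clears the counter;
    allowlisted IPs are never locked (the #6 self-lockout). Returns {ip: locked_until}."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    locked = {}
    for p in map(parse, lines):
        if p is None:             # not a login POST (e.g. a GET of the form)
            continue
        ip, ts, status = p
        if status == 302:         # successful login: reset this IP's failure count
            recent.pop(ip, None)
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window: # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and ip not in allowlist:
            locked[ip] = ts + lockout
    return locked
```

Without the allowlist the owner's own address (192.0.2.44 here) is locked after its third miss exactly as in #6; with it, only the scanning address is.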

  7. #7 billbenson

    Funny, they never attack my oscommerce version 1.0

  8. #8 Harold Mansfield

    Originally posted by billbenson:
    "Funny, they never attack my oscommerce version 1.0"
    Here's my Archie Bunker "Whoop-dee-doo" face .

    Hope you knocked on wood.

  9. #9 patrickprecisione

    Does this affect WordPress.org, .com or both?

  10. #10 Harold Mansfield

    Originally posted by patrickprecisione:
    "Does this affect WordPress.org, .com or both?"

    Self Hosted (.org). WordPress takes care of security for WordPress.com. But common sense precautions are always a good idea.
