Friday, April 12, 2013

URGENT: Sites running on WordPress at risk of a brute force attack


The following applies to you if you have a WordPress-powered site with us. A global brute force attack is underway against WordPress sites hosted across the world. The attack is a sophisticated one and has been launched using a botnet, with tens of thousands of IPs recorded as sources of this attack.
What is a Brute Force Attack?
A brute force attack is when someone walks up to a locked door and starts repeatedly trying to pick the lock. Given enough time and enough persistence, nearly any lock can be breached. Most of the IPs used in this attack are spoofed, which makes it difficult to block all such attempts. Nevertheless, we are already trying to mitigate the attack at the network level. However, you too need to take a few precautions to make sure your personal WordPress installations are secure. That will give you additional security in the ongoing situation.
You need to do the following:
1) The first step is to install a WordPress security plugin from http://wordpress.org/extend/plugins/better-wp-security/
 Run this plugin and follow the steps given to secure your WordPress installation.
2) The second step is to secure your WordPress login page. To do this, log into your cPanel/Plesk Panel and use the Password Protect Directory option to secure the wp-admin folder of your WordPress installation with a secure password. Make sure that you use a complex password, preferably generated via a Random Password Generator, so that your password is not easily uncovered under a brute-force attack.

In addition, if you are using one of our Linux-based hosting products, then you can also protect yourself from this attack using CloudFlare. This will protect your website from both this attack and many other types of attacks.
Please refer to the link below for help configuring CloudFlare: http://tiny.cc/4tefvw
Also, do reach out to us for further clarification or with any concerns. Thank you for your co-operation.
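
To see whether your own site is being hit, you can count failed logins in the web server access log. The script below is an added example, not part of the original notice; it assumes the Apache/Nginx "combined" log format, and its thresholds and sample lines are constructed. Because the attack comes from many IPs, it counts attempts per minute across all sources as well as per IP.

```python
import re
from collections import Counter, defaultdict

# Combined log format: ip, [timestamp], "METHOD path protocol", status, ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def failed_logins(lines):
    """Yield (ip, minute) for each failed WordPress login attempt.

    WordPress answers a failed login POST with 200 (the form is shown again)
    and a successful one with a 302 redirect, so only 200 responses count.
    """
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        ip, stamp, method, path, status = m.groups()
        is_login = path.split("?")[0].endswith("/wp-login.php")
        if method == "POST" and is_login and status == "200":
            yield ip, stamp[:17]  # "12/Apr/2013:10:00" is the minute bucket

def summarize(lines, per_ip_limit=5, per_minute_limit=10):
    """Return (noisy_ips, busy_minutes); both limits are assumed values."""
    per_ip, minute_hits = Counter(), Counter()
    minute_ips = defaultdict(set)
    for ip, minute in failed_logins(lines):
        per_ip[ip] += 1
        minute_hits[minute] += 1
        minute_ips[minute].add(ip)
    noisy_ips = {ip: n for ip, n in per_ip.items() if n >= per_ip_limit}
    busy_minutes = {m: (n, len(minute_ips[m]))  # (attempts, distinct IPs)
                    for m, n in minute_hits.items() if n >= per_minute_limit}
    return noisy_ips, busy_minutes

def sample_log():
    """Constructed sample: 12 sources with one failed attempt each, plus a real login."""
    fmt = '{ip} - - [12/Apr/2013:10:00:{s:02d} +0000] "{req} HTTP/1.1" {st} 512 "-" "Mozilla/5.0"'
    lines = [fmt.format(ip=f"198.51.100.{i}", s=i, req="POST /wp-login.php", st=200)
             for i in range(1, 13)]
    lines.append(fmt.format(ip="203.0.113.7", s=30, req="POST /wp-login.php", st=302))
    lines.append(fmt.format(ip="203.0.113.7", s=31, req="GET /wp-admin/", st=200))
    return lines

if __name__ == "__main__":
    noisy, busy = summarize(sample_log())
    print("IPs over the per-IP limit:", noisy)
    print("Minutes over the aggregate limit (attempts, distinct IPs):", busy)
```

On the constructed sample no single IP crosses the per-IP limit, yet the minute as a whole does, which is the pattern a per-IP lockout alone would miss.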


http://www.zdnet.com/wordpress-hit-by-massive-botnet-worse-to-come-experts-warn-7000014019/

http://blog.cloudflare.com/patching-the-internet-fixing-the-wordpress-br

Here’s what I would recommend: If you still use “admin” as a username on your blog, change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress. Do this and you’ll be ahead of 99% of sites out there and probably never have a problem.

http://ma.tt/2013/04/passwords-and-brute-force/

1 comment:

  1. I've been using AVG security for many years now, I recommend this product to everyone.
