Sites running on Wordpress under Brute force attack.?

Jitaditya Narzary
Jitaditya Narzary
from Delhi
11 years ago

Got this mail from my hosting service provider... just sharing...

Wonder if anybody here has really faced an attack...

______________________________

The below is applicable to you if you have a Wordpress powered site with us. A global brute force attack is underway on Wordpress sites hosted across the world. The attack is a sophisticated one and has been launched using a botnet, with tens of thousands of IPs being recorded as sources of this attack.

What is a A Brute Force Attack?

A brute force attack is when someone walks up to a locked door and starts repeatedly trying to pick the lock. Given enough time and enough persistence, nearly any lock can be breached. Most of the IPs used in this attack are spoofed which is making it difficult to block all of such attempts. Nevertheless, we are already trying to mitigate the attack at the network level. However, you too need to take a few precautions to make sure your personal WordPress installations are secure. That would give additional security in the ongoing situation.

You need to do the following:

1) The first step is to install WordPress Security plugins from http://wordpress.org/extend/plugins/better-wp-security/

 Run this plugin and follow steps given to secure your WordPress installation.

2) The second step would be to secure your WordPress Login page. To do this you can simply log into your cPanel/Plesk Panel and use the Password Protect Directory option and secure the wp-admin folder of your WordPress installation using a secure password. You need to make sure that you use complex password, preferably generated via a Random Password Generator so that your password is not easily uncovered under a brute-force attack.

3) Other ways of Hardening a WordPress installation is shared at http://codex.wordpress.org/Hardening_WordPress

In addition, if you are using one of our Linux-based hosting products then can also protect yourself from this attack using CloudFlare. This will protect your website from both this attack and many other types of attacks.

Please refer the below link to help you for configuring CloudFlare: http://tiny.cc/4tefvw__________________________________

 

LockSign in to reply to this thread