This topic is locked, no replies allowed. Inaccurate or out-of-date info may be present.

  • Print

Topic: Wordpress Hacker Warning!  (Read 542 times)

southernhorizons

    US flag
    View Profile
  • Gold Member
  • ********
  • Posts: 2914 (since 2008)
  • Thanked: 57x
Wordpress Hacker Warning!
« on: April 15, 2013, 08:03:37 am »
I got the following warning from my web hosting company, and just wanted to give everyone a heads up.

Defending Against Global WordPress Brute Force Flood
 
There has been a massive distributed brute force attack being launched the past few days against every WordPress based website at every hosting provider on the Internet. Over 100,000 different IP addresses are currently attempting to guess the admin user's password in every WordPress site. By default, WordPress cannot protect itself against this type of attack, but you can protect against this attack by following the tips in this email.
 
Here are the most critical steps:
 
1.Update WordPress to the latest version using the update function in the WordPress admin section.
2.Install the "Better WP Security" pluggin in WordPress. This will add brute force detection and auto-blocking, and it will make it easy to make additional security related improvement to your WordPress site.
3.Click on the Security tab in the WordPress admin to tweak the security settings.
4.Change the admin username to something else (since the hackers are trying to guess the password for the WordPress admin account).
5.While you are tweaking security, change the WordPress table prefix, the user id 1, and some of the other items listed in the Security tab. These things are not related to this current wave of brute force attacks, but these are generally good security ideas that will likely help against future attacks.
6.Remove every theme and pluggin that you are not currently using. Leave only the "Better WP Security" pluggin if you can. Fewer themes and pluggins will mean fewer things for hackers to target in the future.
7.Choose a really strong password for your admin level user. Long, completely random jumbles are the best, because they cannot be quickly guessed in a dictionary attack. Don't use plain English words. Remember, 20+ character random jumbles are drastically more secure than simple passwords like "qwerty" or "password123". Even after you have changed the admin user's username, it is still important to take password complexity seriously.
 
If you are using WordPress in your websites, please follow these security tips and pass these security tips on to all of your friends.

  • Print
 

Related Topics

  Subject / Started by Replies Last post
7 Replies
2321 Views
Last post October 24, 2011, 05:55:34 am
by kingreyam24
17 Replies
2619 Views
Last post January 02, 2014, 05:45:09 pm
by teresa3200
24 Replies
1682 Views
Last post August 30, 2019, 11:09:01 pm
by tantricia44
2 Replies
652 Views
Last post November 16, 2021, 05:36:58 am
by EdwardCorrea
4 Replies
438 Views
Last post September 24, 2024, 08:42:37 am
by ArnulfVK