

Author Topic: A must read for all Wordpress users  (Read 1814 times)


« on: April 12, 2013, 22:41 »
+1
If you're running a WordPress site, now would be a good time to ensure you are using very strong passwords and to make sure your username is not "admin". According to reports from HostGator and CloudFlare, there is currently a significant attack being launched at WordPress blogs across the Internet. For the most part, this is a brute-force dictionary-based attack that aims to find the password for the "admin" account that every WordPress site sets up by default.

HostGator's analysis found that this is a well-organized and very distributed attack. The company believes that about 90,000 IP addresses are currently involved. CloudFlare, its founder and CEO Matthew Prince told me earlier today, thinks the hackers control about 100,000 bots. As for the scope of the attack, Prince says that CloudFlare saw attacks on virtually every WordPress site on its network.

If somebody guesses your WordPress password, that's obviously a big problem, but attacks like this then open up ways for the hackers to take over your server, and that's what whoever is behind this attack is clearly after. The CloudFlare team believes that the attacker is currently using a network of relatively low-powered home PCs, but the aim is to build a much larger botnet of beefy servers in preparation for a future attack. Home PCs can be the staging ground for a large denial-of-service attack, but servers have access to far more bandwidth and can hence push out far larger amounts of traffic.

This current attack is similar to an attack in 2012 that was also aimed at WordPress sites. That attack, however, was looking for outdated versions of TimThumb, a popular PHP-based image resizer that is often used as the default by many WordPress templates.

Both CloudFlare and HostGator, as well as a number of other hosting providers, have taken measures to protect their customers. Besides choosing a very strong password, which is always a good idea, you can also install a number of WordPress plugins that limit the number of login attempts from the same IP address or network to put a stop to these brute-force attacks (though as WordPress founder Matt Mullenweg notes in a blog post this afternoon, changing your admin username to something a bit more obscure may be your best defense given that the hackers do have 90,000 IPs at their disposal). If your site is hosted on WordPress.com, you can also turn on two-factor authentication to add an extra layer of security.


http://techcrunch.com/2013/04/12/hackers-point-large-botnet-at-wordpress-sites-to-steal-admin-passwords-and-gain-server-access/
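
Added example, not part of the original post or the quoted article: a log check that shows why a per-IP login limit alone misses an attack spread over many addresses, and how a site-wide count of `wp-login.php` POSTs per minute still catches it. The log format (Apache combined), the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumes Apache "combined" access-log lines.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)')

def parse_login_posts(lines):
    """Yield (ip, minute) for every POST to /wp-login.php."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield m["ip"], ts.replace(second=0, microsecond=0)

def analyze(lines, per_ip_limit=5, site_limit=20, min_sources=10):
    """Return (IPs over the per-IP limit, minutes that look like a distributed attack).

    Thresholds are illustrative assumptions; tune them to normal login volume.
    """
    per_ip = Counter()
    per_minute = defaultdict(Counter)
    for ip, minute in parse_login_posts(lines):
        per_ip[ip] += 1
        per_minute[minute][ip] += 1
    noisy_ips = sorted(ip for ip, n in per_ip.items() if n > per_ip_limit)
    distributed = sorted(
        minute for minute, ips in per_minute.items()
        if sum(ips.values()) >= site_limit and len(ips) >= min_sources
    )
    return noisy_ips, distributed

def sample_log():
    """Constructed sample: 30 sources with one attempt each, plus one repeat offender."""
    fmt = '{ip} - - [12/Apr/2013:22:{mm:02d}:{ss:02d} +0000] "{req} HTTP/1.1" 200 512'
    lines = [fmt.format(ip=f"198.51.100.{i}", mm=10, ss=i, req="POST /wp-login.php")
             for i in range(1, 31)]
    lines += [fmt.format(ip="203.0.113.7", mm=20 + i, ss=0, req="POST /wp-login.php")
              for i in range(8)]
    lines.append(fmt.format(ip="203.0.113.9", mm=10, ss=5, req="GET /wp-login.php"))
    return lines

if __name__ == "__main__":
    noisy, minutes = analyze(sample_log())
    print("Over per-IP limit:", noisy)
    print("Distributed-attack minutes:", [m.isoformat() for m in minutes])
```

In the sample, the 30 single-attempt sources never trip the per-IP limit, yet the minute they share is flagged by the site-wide count.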


« Reply #1 on: April 12, 2013, 23:10 »
0
When I heard about this new massive attack this morning  >:( I installed a WordPress security plugin called Better WP Security. It guided me nicely through all the various aspects and think-abouts of general hosting and specific WordPress security. So far it seems to work flawlessly with WordPress and our beloved SY theme.  8)

Now I hope that's enough of a defense against those hackers  :-\

