Wordpress getting hit hard - secure yourselves!

Benet

Hey folks,

I know a good load of you run Wordpress on your business sites and maybe even for blogs and personal projects, so...

Just a little heads up for anyone running Wordpress, that there's a massive distributed attack going on at the minute. Basically, the attacker is brute force attacking the WordPress administrative portals, using the username "admin" and trying thousands of passwords.

http://krebsonsecurity.com/2013/04/brute-force-attacks-build-wordpress-botnet/

The above article has some handy hints on securing yourself from these attacks. Most of it is pretty common sense stuff, but well worth a read

phill79

Benet wrote: »

Hey folks,

I know a good load of you run Wordpress on your business sites and maybe even for blogs and personal projects, so...

Just a little heads up for anyone running Wordpress, that there's a massive distributed attack going on at the minute. Basically, the attacker is brute force attacking the WordPress administrative portals, using the username "admin" and trying thousands of passwords.

http://krebsonsecurity.com/2013/04/brute-force-attacks-build-wordpress-botnet/

The above article has some handy hints on securing yourself from these attacks. Most of it is pretty common sense stuff, but well worth a read

The plugin "limit login attempts" is very useful. It locks the pesky kids out for the number of hours you set and also emails you so you know you are being attacked.

kwikbreaks

I have several WP sites but on my own server so doubt I'll see this attack but that plugin looks pretty much essential anyway so thanks both.

gman955

Thanks for the info

ShaunH

phill79 wrote: »

The plugin "limit login attempts" is very useful. It locks the pesky kids out for the number of hours you set and also emails you so you know you are being attacked.

This the plugin you mean?

wordpress.org/extend/plugins/limit-login-attempts/

(sorry can't post links yet as I'm a new user!)

phill79

ShaunH wrote: »

This the plugin you mean?

wordpress.org/extend/plugins/limit-login-attempts/

(sorry can't post links yet as I'm a new user!)

That is the one.

kwikbreaks

Caught one already. eMail from that excellent plugin...

16 failed login attempts (4 lockout(s)) from IP: 66.85.172.250

Last user attempted: admin

IP was blocked for 24 hours

phill79

kwikbreaks wrote: »

Caught one already. eMail from that excellent plugin...

I would increase the lockout period and drop them down to 2 attempts so they don't have a chance of either guessing your password or your username.

Hoseman

I use one called Login Lockdown to restrict number of attempts. No one should use the username "admin" as in the article as it just means they are halfway there with getting into your site.

paddyrg

Thanks for this, just installed that plug-in and tightened the number of attempts etc :-)

kwikbreaks

phill79 wrote: »

I would increase the lockout period and drop them down to 2 attempts so they don't have a chance of either guessing your password or your username.

I amended the defaults on that site to less short lockouts before 24 hour lockout. Now I've had a notification of a lockout on a different site and they seemed to be using random ids. I wasn't using admin anyway but one admin user would have been easy to guess so removed that now.

16 failed login attempts (4 lockout(s)) from IP: 91.239.66.72

Last user attempted: k4dskzww

IP was blocked for 24 hours

According to IP lookup the first was in USA and this one is Poland so they are probably using an anonymous proxy making the lockouts pretty pointless