Brute Force WordPress Attack


Nana Kwabena Agyei-Owusu

Apr 14, 2013, 10:02:47 AM
to GhanaGTUG

hi guys/chicks,

WordPress sites across the web have recently been targeted by an extensive distributed brute force attack. The attack attempts to gain access to the administrator account on WordPress sites by systematically running through a variety of password iterations. Since the attack originates from thousands of different IP addresses, it is difficult to block at the network level.

If you have installed WordPress on your site, please take a minute or two to ensure your site is protected against attacks like this one. Here are some basic security tips:

  1. The easiest thing you can do to increase the security of your site is to change both the admin username and password. By default, the administrator login name is set to “admin” – and most brute force scripts have this ID and some basic variations (e.g. administrator, root, test, etc…) hardcoded as the IDs they attempt to break into. Change the username for your administrator account to something obscure.
  2. Make sure your password is strong. You know the drill: more than 8 characters, letters and numbers, no English words, no dates, mixture of capitals and lower case. Consider using a random password generator and a secure password manager to store it so you don’t have to memorize it.
  3. Install a security-enhancing plug-in. The core WordPress application lacks some basic security features, such as the ability to limit the number of failed login attempts. Fortunately, you can add functionality like this via some popular plug-ins:
thanks 
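
Added example (not part of the original post): a Python check over web-server access logs showing why a per-IP failed-login threshold misses the distributed attack described above, while a site-wide count of login POSTs per minute catches it. The log lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common/combined log format: ip, [timestamp], "METHOD path ...", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def parse_login_posts(lines):
    """Yield (ip, minute) for every POST to wp-login.php."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, path, _status = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield ip, when.replace(second=0)

def analyze(lines, per_ip_limit=5, site_limit=20):
    """Return (IPs over per_ip_limit, {minute: (posts, distinct sources)}
    for minutes where site-wide login POSTs exceed site_limit)."""
    per_ip = Counter()
    posts_per_minute = Counter()
    sources_per_minute = defaultdict(set)
    for ip, minute in parse_login_posts(lines):
        per_ip[ip] += 1
        posts_per_minute[minute] += 1
        sources_per_minute[minute].add(ip)
    noisy_ips = sorted(ip for ip, n in per_ip.items() if n > per_ip_limit)
    hot = {m: (n, len(sources_per_minute[m]))
           for m, n in posts_per_minute.items() if n > site_limit}
    return noisy_ips, hot

def sample_log():
    # Constructed sample: 60 sources in a documentation address range,
    # one login attempt each within the same minute, plus one page view.
    lines = [f'198.51.100.{i} - - [14/Apr/2013:10:02:{i % 60:02d} +0000] '
             f'"POST /wp-login.php HTTP/1.1" 200 3401' for i in range(1, 61)]
    lines.append('203.0.113.7 - - [14/Apr/2013:10:02:30 +0000] '
                 '"GET /index.php HTTP/1.1" 200 5120')
    return lines

if __name__ == "__main__":
    noisy, hot = analyze(sample_log())
    print("IPs over the per-IP limit:", noisy)
    for minute, (posts, sources) in hot.items():
        print(minute.isoformat(), posts, "login POSTs from", sources, "sources")
```

No single address crosses the per-IP limit, so alerting or lockout keyed only on source IP stays silent; the site-wide counter is the signal that should trigger login throttling or an extra challenge on the login page.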

Oral Ofori

Apr 14, 2013, 12:38:31 PM
to ghana...@googlegroups.com

Thanks for sharing but in the future refrain from referring to some of the honorable members of this community as chicks, you never know who is taking note(s) :-)

Oral Ofori,



+1202-706-9881, oral...@gmail.com, Freelance Journalist: http://www.oralofori.com/, Wikimedia Ghana Enthusiast, Broadcaster, Retail Specialist, Music Promoter, Artiste. http://about.me/oralofori/


David Mantey

Apr 14, 2013, 1:29:06 PM
to ghana...@googlegroups.com
Thanks for the information.
--
David .R. Mantey