Announcement

Collapse
No announcement yet.

Wordpress Brute Frorce Attacks

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Wordpress Brute Frorce Attacks

    Hello,

    Apparently there is a ongoing bruteforce attack globally.

    Please note that these issues are not isolated to just Resellers Panel Hosting, and this is being viewed currently as a global attack across a wide range of web hosts on the Internet.

    Also we HIGHLY recommend updating your WordPress admin password to something very secure.

    Minimum password recommendations:
    - At least 8 characters total
    - Mixture of upper and lower-case letters
    - Numbers and special characters, such as punctuation or other non-alphanumeric characters

    Example weak password:
    secret1

    Improved strong password:
    Z#hupsZ2M4!Z

    We would advise you to setup a .htaccess file and restrict the login page to your own IP address.
    Here is a quick guide how to do that:

    Once you create the .htaccess file in your file manager (or through FTP) place the following code in the file (make sure you change the ***es to your actual IP address):

    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{REQUEST_URI} ^/wp-login\.php(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^/wp-admin$
    RewriteCond %{REMOTE_ADDR} !^***.***.***.***$
    RewriteRule ^(.*)$ - [R=403,L]
    </IfModule>

  • #2
    I have noticed this too, continuously hammering on the login page. If you haven’t got a static IP address, you could install the following plug-in.

    http://wordpress.org/extend/plugins/better-wp-security/

    There are two nice features to disrupt brute force attacks

    1) Set-up a failed login limit. For example if the IP gets the login wrong the plugin adds the IP to your blocked list for a set period of time. In certain cases I have set it to block after 2 wrong attempts and to block for an hour.

    2) Change your login path. This feature changes the login path to a custom one so that an attacker cant guess it. ie (mydomain.com/mysecretlogin1234) It updates all the files automatically so you dont have to go editing the .htaccess file yourself.

    Comment


    • #3
      This information has been posted inside the hosting control panel to be visible to all customers using Wordpress too.

      Comment


      • #4
        Have there been any cases of the attack succeeding? Is there anything can be done at network level?

        Comment


        • #5
          Originally posted by peterd View Post
          This information has been posted inside the hosting control panel to be visible to all customers using Wordpress too.
          Hi Peterd,

          My suggestions are based on installing the plug in "Better WP Security" which then allows you to access the features I mentioned. It also has a Dashboard which allows you to see other security precautions you can make to make your site more secure.

          Comment


          • #6
            the things we are referring to i.e. the .htaccess file is purely on local level i.e. user lever.

            There is no network level resolution neither with us or with the competition so far. Wordpress hasn't come up with a solutions to it yet.
            It appears that some hackers got about 90k IPs where wordpress is running and are continuously trying to brute force.


            Common practice when working with any type of script is not to include any plugins in any of the resolutions of the problem. That is when hosting providers and the actual script developers are concerned.

            We will not offer a solutions to our customers when it comes to installing additional plugins.

            The login path is not going to work a lot better considering the hackers got a list of Ips where wordpress is installed. I am 1000% sure they can find the proper login in no time

            We will update you with more news when we have any.

            Comment


            • #7
              Also,

              If you feel your wordpress site has been compromised, in addition to change your password you should also change your salts located in your wp-config.php file.

              Here is a salt generator, just copy paste over the ones you currently have.

              https://api.wordpress.org/secret-key/1.1/salt/

              You should also be sure to use a different username than "admin".

              Comment


              • #8
                And WOW! better-wp-security may be the best plugin I have ever seen. Thank you so much for the suggestion.

                Comment


                • #9
                  Originally posted by yav0r View Post
                  Common practice when working with any type of script is not to include any plugins in any of the resolutions of the problem. That is when hosting providers and the actual script developers are concerned.

                  We will not offer a solutions to our customers when it comes to installing additional plugins.
                  I understand Yan. I offered the suggestion as I have found it helpful in the past for dealing with and keeping informed (it emails me) of these kind of attacks. Ideally not having these guys hammering at our login pages would be the best solution, but if anything makes things difficult for them, them I'm going to try it

                  Comment


                  • #10
                    Wordfence and better wp security does seem to be the best way to go about it considering what users have been ranting about all over the Internet during the weekend.


                    I personally sleep much better by having both installed!!!

                    So far hackers have only been using slow traffic botnets meaning infected home PCs and such. Luckily they don't have any heavy artillery up their sleeve or we will be in the deep then.


                    Its almost like they are not trying hard enough...

                    Comment


                    • #11
                      Originally posted by yav0r View Post
                      Wordfence and better wp security does seem to be the best way to go about it considering what users have been ranting about all over the Internet during the weekend.


                      I personally sleep much better by having both installed!!!
                      Hi Yan,

                      1/ I have installed WordFence and find it very good. Should I install Better WP Security too? Doesn't that do the same thing? And will the two clash?

                      2/ Re changing the wp-admin path I found a great plugin for this without having to restrict via the htaccess file. [I want to be able to login from other IP's when away from the office - as do many of my wordpress clients]

                      Its called 'Stealth Login Page' - it changes the 'wp-admin/' path to a secret login path/page of your choice. It also redirects anyone entering the normal 'wp-admin' URL to another address of your choice. This is their home page if anyone is interested - http://www.petersenmediagroup.com/pl...th-login-page/

                      Cheers

                      Comment


                      • #12
                        The Better WP Security has some exclusive features such as the option to change the admin username to something else as well as change your ID from 1 to something else.

                        I haven't seen that in the WordFence plugin but if you can do that yourself from the database like we used to when there were no such helpful plugins than you really don't need the better WP security plugin.

                        Changing the wp-admin area is good however there are scanners which look for the actual .php file which is used to load the admin area so it will slow them down but not stop them

                        Comment


                        • #13
                          Originally posted by yav0r View Post
                          The Better WP Security has some exclusive features such as the option to change the admin username to something else as well as change your ID from 1 to something else.

                          I haven't seen that in the WordFence plugin but if you can do that yourself from the database like we used to when there were no such helpful plugins than you really don't need the better WP security plugin.

                          Changing the wp-admin area is good however there are scanners which look for the actual .php file which is used to load the admin area so it will slow them down but not stop them

                          Thanks yan - I will check out Better WP Security.

                          Meanwhile, you may be right about changing the wp-admin path. Since I did so yesterday - WordFence has locked out 3 IP addresses for failed login attempts from 3 sources -

                          Comment


                          • #14
                            Hello,

                            For those of you using Wordfence you already probably got the e-mail but just in case:

                            A security hole that allows anyone to execute any command on your WordPress server has been discovered in the WP Super Cache and W3 Total Cache plugins.

                            WHAT TO DO: Upgrade to the newest version of both these plugins immediately The security holes have been fixed by the developers.

                            The impact of these security holes can't be overstated. They allow anyone to bypass all security and gain complete access to your WordPress site.

                            Hope that helps you all to stay safe!

                            Comment


                            • #15
                              I'm using better wordpress security.. In about 2 weeks I have accumulated 1162 failed logins to this moment.. All I can say is wow..

                              Comment

                              Working...
                              X