WordPress Brute Force Attacks


  • clivejo
    replied
    Have there been any cases of the attack succeeding? Is there anything that can be done at network level?


  • peterd
    replied
    This information has been posted inside the hosting control panel to be visible to all customers using WordPress too.


  • clivejo
    replied
    I have noticed this too, continuously hammering on the login page. If you haven’t got a static IP address, you could install the following plug-in.



    There are two nice features to disrupt brute force attacks:

    1) Set up a failed login limit. For example, if the IP gets the login wrong, the plugin adds the IP to your blocked list for a set period of time. In certain cases I have set it to block after 2 wrong attempts and to block for an hour.

    2) Change your login path. This feature changes the login path to a custom one so that an attacker can't guess it, i.e. (mydomain.com/mysecretlogin1234). It updates all the files automatically so you don't have to go editing the .htaccess file yourself.


  • yav0r
    started a topic WordPress Brute Force Attacks

    WordPress Brute Force Attacks

    Hello,

    Apparently there is an ongoing brute-force attack globally.

    Please note that these issues are not isolated to just Resellers Panel Hosting, and this is being viewed currently as a global attack across a wide range of web hosts on the Internet.

    Also we HIGHLY recommend updating your WordPress admin password to something very secure.

    Minimum password recommendations:
    - At least 8 characters total
    - Mixture of upper and lower-case letters
    - Numbers and special characters, such as punctuation or other non-alphanumeric characters

    Example weak password:
    secret1

    Improved strong password:
    Z#hupsZ2M4!Z

    We would advise you to set up a .htaccess file and restrict the login page to your own IP address.
    Here is a quick guide on how to do that:

    Once you create the .htaccess file in your file manager (or through FTP) place the following code in the file (make sure you change the ***es to your actual IP address):

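    # Deny /wp-login.php and /wp-admin to every client except the one address below.
    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{REQUEST_URI} ^/wp-login\.php(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^/wp-admin$
    # Replace each *** with one octet of your IP; the dots are escaped so they match literally.
    RewriteCond %{REMOTE_ADDR} !^***\.***\.***\.***$
    RewriteRule ^(.*)$ - [R=403,L]
    </IfModule>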