WordPress Brute Force Attacks
-
Have there been any cases of the attack succeeding? Is there anything that can be done at the network level?
-
This information has been posted inside the hosting control panel to be visible to all customers using WordPress too.
-
I have noticed this too, continuously hammering on the login page. If you haven’t got a static IP address, you could install the following plug-in.
There are two nice features to disrupt brute force attacks:
1) Set up a failed login limit. For example, if the IP gets the login wrong, the plugin adds the IP to your blocked list for a set period of time. In certain cases I have set it to block after 2 wrong attempts and to block for an hour.
2) Change your login path. This feature changes the login path to a custom one so that an attacker can't guess it, i.e. (mydomain.com/mysecretlogin1234). It updates all the files automatically so you don't have to go editing the .htaccess file yourself.
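The failed-login limit described in the post above (block after 2 wrong attempts, for an hour) can be tried against your own access log before enabling it. The following is an added example, not part of the original posts and not the plugin's code; it assumes Apache combined log format and that a failed WordPress login answers the POST with status 200 while a successful one redirects with 302. The function name `replay_lockout` and the log lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed access-log sample in Apache combined format (documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "-"
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "-"
203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "-"
203.0.113.7 - - [01/Jan/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "-"
198.51.100.20 - - [01/Jan/2024:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2764 "-" "-"
198.51.100.20 - - [01/Jan/2024:10:05:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "-"
198.51.100.20 - - [01/Jan/2024:10:05:30 +0000] "POST /wp-login.php HTTP/1.1" 302 - "-" "-"
203.0.113.7 - - [01/Jan/2024:11:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "-"
203.0.113.7 - - [01/Jan/2024:11:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "-"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')


def replay_lockout(log_text, max_failures=2, lockout=timedelta(hours=1)):
    """Replay login POSTs; return {ip: {"blocks": [(start, end)], "rejected": n}}."""
    fails, until, report = {}, {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != "/wp-login.php":
            continue  # only login submissions count, not page views
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if ip in until and ts < until[ip]:
            report[ip]["rejected"] += 1        # inside a lockout window
        elif m["status"] == "302":
            fails.pop(ip, None)                # assumed success: reset the counter
        elif m["status"] == "200":
            fails[ip] = fails.get(ip, 0) + 1   # assumed failed login
            if fails[ip] >= max_failures:
                until[ip] = ts + lockout
                entry = report.setdefault(ip, {"blocks": [], "rejected": 0})
                entry["blocks"].append((ts, until[ip]))
                fails[ip] = 0
    return report


if __name__ == "__main__":
    for ip, info in replay_lockout(SAMPLE_LOG).items():
        print(ip, "lockouts:", len(info["blocks"]), "attempts rejected:", info["rejected"])
```

The user who mistyped once and then logged in is never locked out, while the address hammering the login page is blocked twice; raising `max_failures` shows how many more guesses a looser limit would let through.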
-
WordPress Brute Force Attacks
Hello,
Apparently there is an ongoing brute-force attack globally.
Please note that these issues are not isolated to just Resellers Panel Hosting, and this is being viewed currently as a global attack across a wide range of web hosts on the Internet.
Also we HIGHLY recommend updating your WordPress admin password to something very secure.
Minimum password recommendations:
- At least 8 characters total
- Mixture of upper and lower-case letters
- Numbers and special characters, such as punctuation or other non-alphanumeric characters
Example weak password:
secret1
Improved strong password:
Z#hupsZ2M4!Z
We would advise you to set up a .htaccess file and restrict the login page to your own IP address.
Here is a quick guide on how to do that:
Once you create the .htaccess file in your file manager (or through FTP), place the following code in the file (make sure you change the ***es to your actual IP address):
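<IfModule mod_rewrite.c>
RewriteEngine on
# Match the login script or the bare /wp-admin path...
RewriteCond %{REQUEST_URI} ^/wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/wp-admin$
# ...when the client is not the allowed IP (replace the ***es; keep the dots escaped)
RewriteCond %{REMOTE_ADDR} !^***\.***\.***\.***$
# Refuse the request with 403 Forbidden
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>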