Wordpress Brute Force Attacks
  • caseyd
    replied
    I've been blocking IP addresses with .htaccess, but my list is growing! I'm worried about affecting performance. Do you think having too many "Deny from xx.xx.xx.xx" lines in my .htaccess will have a negative effect on performance? Is there any other way to block? I know you can do it with httpd.conf, but I don't think we have access to that.


  • yav0r
    replied
    In Wordfence it is in Live traffic -> Logins & Logouts tab.


  • clivejo
    replied
    How do you monitor it?


  • yav0r
    replied
    I am going to use this for advertisement lol. It's a good thing all the hosting community reacted so swiftly and the damage is minimal.

    I have been monitoring our clients and apart from a couple of cases most of the clients are safe (in percentage it is close to 0%).

    I am very happy to see when even the competition joins forces in such cases.


  • doneritehosting
    replied
    I'm using better wordpress security.. In about 2 weeks I have accumulated 1162 failed logins to this moment.. All I can say is wow..


  • yav0r
    replied
    Hello,

    For those of you using Wordfence you already probably got the e-mail but just in case:

    A security hole that allows anyone to execute any command on your WordPress server has been discovered in the WP Super Cache and W3 Total Cache plugins.

    WHAT TO DO: Upgrade to the newest version of both these plugins immediately. The security holes have been fixed by the developers.

    The impact of these security holes can't be overstated. They allow anyone to bypass all security and gain complete access to your WordPress site.

    Hope that helps you all to stay safe!


  • index.html
    replied
    Originally posted by yav0r View Post
    The Better WP Security has some exclusive features such as the option to change the admin username to something else as well as change your ID from 1 to something else.

    I haven't seen that in the WordFence plugin, but if you can do that yourself from the database like we used to when there were no such helpful plugins, then you really don't need the better WP security plugin.

    Changing the wp-admin area is good; however, there are scanners which look for the actual .php file which is used to load the admin area, so it will slow them down but not stop them.

    Thanks yan - I will check out Better WP Security.

    Meanwhile, you may be right about changing the wp-admin path. Since I did so yesterday - WordFence has locked out 3 IP addresses for failed login attempts from 3 sources -


  • yav0r
    replied
    The Better WP Security has some exclusive features such as the option to change the admin username to something else as well as change your ID from 1 to something else.

    I haven't seen that in the WordFence plugin, but if you can do that yourself from the database like we used to when there were no such helpful plugins, then you really don't need the better WP security plugin.

    Changing the wp-admin area is good; however, there are scanners which look for the actual .php file which is used to load the admin area, so it will slow them down but not stop them.


  • index.html
    replied
    Originally posted by yav0r View Post
    Wordfence and better wp security does seem to be the best way to go about it considering what users have been ranting about all over the Internet during the weekend.


    I personally sleep much better by having both installed!!!
    Hi Yan,

    1/ I have installed WordFence and find it very good. Should I install Better WP Security too? Doesn't that do the same thing? And will the two clash?

    2/ Re changing the wp-admin path, I found a great plugin for this without having to restrict via the htaccess file. [I want to be able to log in from other IPs when away from the office - as do many of my wordpress clients]

    It's called 'Stealth Login Page' - it changes the 'wp-admin/' path to a secret login path/page of your choice. It also redirects anyone entering the normal 'wp-admin' URL to another address of your choice. This is their home page if anyone is interested - http://www.petersenmediagroup.com/pl...th-login-page/

    Cheers


  • yav0r
    replied
    Wordfence and better wp security does seem to be the best way to go about it considering what users have been ranting about all over the Internet during the weekend.


    I personally sleep much better by having both installed!!!

    So far hackers have only been using slow traffic botnets meaning infected home PCs and such. Luckily they don't have any heavy artillery up their sleeve or we will be in the deep then.


    It's almost like they are not trying hard enough...


  • clivejo
    replied
    Originally posted by yav0r View Post
    Common practice when working with any type of script is not to include any plugins in any of the resolutions of the problem. That is when hosting providers and the actual script developers are concerned.

    We will not offer a solution to our customers when it comes to installing additional plugins.
    I understand Yan. I offered the suggestion as I have found it helpful in the past for dealing with and keeping informed (it emails me) of these kinds of attacks. Ideally not having these guys hammering at our login pages would be the best solution, but if anything makes things difficult for them, then I'm going to try it.


  • caseyd
    replied
    And WOW! better-wp-security may be the best plugin I have ever seen. Thank you so much for the suggestion.


  • caseyd
    replied
    Also,

    If you feel your wordpress site has been compromised, in addition to changing your password you should also change your salts located in your wp-config.php file.

    Here is a salt generator, just copy paste over the ones you currently have.

    https://api.wordpress.org/secret-key/1.1/salt/

    You should also be sure to use a different username than "admin".
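
The salt replacement described in the post above, as an added example that is not part of the original thread: it rewrites the eight key and salt `define()` lines in a wp-config.php text and reports any that are missing. It generates the values locally with Python's `secrets` module instead of fetching them from the generator URL; `rotate_salts`, `new_secret`, `ALPHABET` and `SAMPLE` are names assumed for this illustration.

```python
import re
import secrets

# The eight secret constants WordPress reads from wp-config.php.
KEYS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
        "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]

# No quote or backslash, so a value is safe inside a single-quoted PHP string.
ALPHABET = ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
            "!@#$%^&*()-_[]{}<>~`+=,.;:/?|")


def new_secret(length=64):
    """Draw a random value from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_salts(config_text):
    """Replace every key/salt define(); return (text, replaced, missing)."""
    replaced, missing = [], []
    for name in KEYS:
        # Match the whole define() line for this constant, whatever quoting
        # and spacing it uses; the quote before the name keeps AUTH_KEY from
        # matching inside SECURE_AUTH_KEY.
        pattern = re.compile(
            rf"""^[ \t]*define\(\s*['"]{name}['"]\s*,\s*(['"]).*?\1\s*\)\s*;.*$""",
            re.MULTILINE)
        line = f"define( '{name}', '{new_secret()}' );"
        # A function replacement stops re from interpreting '\' in the value.
        config_text, count = pattern.subn(lambda m: line, config_text)
        # Missing constants are only reported: where to add them depends on
        # the file, since they must be defined before WordPress is loaded.
        (replaced if count else missing).append(name)
    return config_text, replaced, missing


# Constructed wp-config.php fragment (placeholder values, not a real site).
SAMPLE = "<?php\ndefine( 'DB_NAME', 'example_db' );\n" + "".join(
    f"define( '{k}', 'put your unique phrase here' );\n" for k in KEYS)

if __name__ == "__main__":
    text, replaced, missing = rotate_salts(SAMPLE)
    print(text)
    print("replaced:", replaced, "missing:", missing)
```

Changing these values invalidates every existing login cookie, so all users, including anyone holding a stolen session, have to log in again.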


  • yav0r
    replied
    The things we are referring to, i.e. the .htaccess file, are purely on local level, i.e. user level.

    There is no network level resolution either with us or with the competition so far. Wordpress hasn't come up with a solution to it yet.
    It appears that some hackers got about 90k IPs where wordpress is running and are continuously trying to brute force.


    Common practice when working with any type of script is not to include any plugins in any of the resolutions of the problem. That is when hosting providers and the actual script developers are concerned.

    We will not offer a solution to our customers when it comes to installing additional plugins.

    The login path is not going to work a lot better considering the hackers got a list of IPs where wordpress is installed. I am 1000% sure they can find the proper login in no time.

    We will update you with more news when we have any.


  • clivejo
    replied
    Originally posted by peterd View Post
    This information has been posted inside the hosting control panel to be visible to all customers using Wordpress too.
    Hi Peterd,

    My suggestions are based on installing the plugin "Better WP Security" which then allows you to access the features I mentioned. It also has a Dashboard which allows you to see other security precautions you can take to make your site more secure.
