WordPress Brute Force Attacks

  • WordPress Brute Force Attacks

    Hello,

    Apparently there is an ongoing brute-force attack globally.

    Please note that these issues are not isolated to just Resellers Panel Hosting, and this is being viewed currently as a global attack across a wide range of web hosts on the Internet.

    Also we HIGHLY recommend updating your WordPress admin password to something very secure.

    Minimum password recommendations:
    - At least 8 characters total
    - Mixture of upper and lower-case letters
    - Numbers and special characters, such as punctuation or other non-alphanumeric characters

    Example weak password:
    secret1

    Improved strong password:
    Z#hupsZ2M4!Z

    We would advise you to set up a .htaccess file and restrict the login page to your own IP address.
    Here is a quick guide on how to do that:

    Once you create the .htaccess file in your file manager (or through FTP) place the following code in the file (make sure you change the ***es to your actual IP address):

    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{REQUEST_URI} ^/wp-login\.php(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^/wp-admin$
    RewriteCond %{REMOTE_ADDR} !^***.***.***.***$
    RewriteRule ^(.*)$ - [R=403,L]
    </IfModule>
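As an added illustration (not code from the post above), the following Python helper renders the same mod_rewrite block for one or more allowed IPv4 addresses, escapes the dots in each address so that they match only a literal dot (the post's template leaves them as regex wildcards), and emulates the rule's decision so the logic can be checked before the file is deployed. The function names and the sample addresses are assumptions made for this example.

```python
import ipaddress
import re

# Added example, not code from the forum post. Renders the post's mod_rewrite
# allowlist for one or more IPv4 addresses (the post shows a single address).
# re.escape() turns "203.0.113.5" into "203\.0\.113\.5" so each dot matches
# only a literal dot.
def build_login_allowlist(allowed_ips):
    ip_conds = []
    for ip in allowed_ips:
        ipaddress.IPv4Address(ip)  # raises ValueError for anything that is not an IPv4 address
        ip_conds.append("RewriteCond %{REMOTE_ADDR} !^" + re.escape(ip) + "$")
    # The two REQUEST_URI conditions are joined with [OR]; the REMOTE_ADDR
    # conditions use mod_rewrite's default AND, so the 403 fires only when the
    # client matches none of the allowed addresses. Do not put [OR] on them.
    lines = [
        "<IfModule mod_rewrite.c>",
        "RewriteEngine on",
        "RewriteCond %{REQUEST_URI} ^/wp-login\\.php(.*)$ [OR]",
        "RewriteCond %{REQUEST_URI} ^/wp-admin$",
        *ip_conds,
        "RewriteRule ^(.*)$ - [R=403,L]",
        "</IfModule>",
    ]
    return "\n".join(lines)


def would_block(remote_addr, request_uri, allowed_ips):
    """Emulate the rule's decision in Python: True means Apache would answer 403.

    Mirrors the rendered conditions exactly:
    (login URI OR exactly /wp-admin) AND client is not any allowed address.
    """
    uri_matches = (re.match(r"^/wp-login\.php(.*)$", request_uri) is not None
                   or re.match(r"^/wp-admin$", request_uri) is not None)
    if not uri_matches:
        return False
    return all(re.match("^" + re.escape(ip) + "$", remote_addr) is None
               for ip in allowed_ips)


def unescaped_dots_overmatch(ip="203.0.113.5"):
    """Why escaping matters: with the dots left as regex wildcards the pattern
    also accepts a string that merely shares the digits with the allowed
    address; the escaped pattern does not."""
    lookalike = "203x0x113x5"
    loose = re.match("^" + ip + "$", lookalike) is not None
    strict = re.match("^" + re.escape(ip) + "$", lookalike) is not None
    return loose and not strict


if __name__ == "__main__":
    print(build_login_allowlist(["203.0.113.5", "198.51.100.7"]))
```

Two properties of the post's rule carry over to this rendering: the second condition matches exactly `/wp-admin` and nothing beneath it, so the login form itself is what the first condition protects; and a client whose REMOTE_ADDR is an IPv6 address can never match an IPv4 pattern, so it is blocked, which is the safe direction but worth knowing if you connect over IPv6.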

  • #2
    I have noticed this too, continuously hammering on the login page. If you haven’t got a static IP address, you could install the following plug-in.

    Harden your site security with Login Security, Two-Factor Authentication (2FA), Vulnerability Scanner, Firewall, and more. Formerly iThemes Security.


    There are two nice features to disrupt brute force attacks:

    1) Set up a failed login limit. For example, if an IP gets the login wrong, the plugin adds the IP to your blocked list for a set period of time. In certain cases I have set it to block after 2 wrong attempts and to block for an hour.

    2) Change your login path. This feature changes the login path to a custom one so that an attacker can't guess it, e.g. mydomain.com/mysecretlogin1234. It updates all the files automatically so you don't have to go editing the .htaccess file yourself.

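The failed-login limit described in item 1 can also be checked offline against the web server's access log, which is useful for seeing what a plugin would have blocked before installing one. The following is an added example, not the plugin's code: it assumes Apache combined log format and the heuristic that WordPress answers a rejected POST to wp-login.php with HTTP 200 (the form re-rendered) and an accepted one with a 302 redirect. The log lines, addresses and function names are constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access-log lines (Apache combined format), not real traffic.
SAMPLE_LOG = [
    '198.51.100.23 - - [12/Apr/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [12/Apr/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"',
    '203.0.113.8 - - [12/Apr/2013:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.8 - - [12/Apr/2013:10:00:06 +0000] "GET /wp-admin/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [12/Apr/2013:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"',
    '192.0.2.77 - - [12/Apr/2013:10:00:20 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"',
    '192.0.2.77 - - [12/Apr/2013:10:20:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"',
]

# client, ident, user, [timestamp], "METHOD path protocol", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"], int(m["status"])


def is_failed_login(method, path, status):
    # Assumption (a heuristic, not a WordPress guarantee): a rejected POST to
    # wp-login.php gets 200 with the form re-rendered; an accepted one gets 302.
    return (method == "POST"
            and path.split("?", 1)[0].endswith("/wp-login.php")
            and status == 200)


def find_lockouts(lines, max_failures=2, window=timedelta(minutes=5),
                  lockout=timedelta(hours=1)):
    """Sliding-window failure counter per client IP.

    Returns (ip, locked_at, locked_until) for every lockout that would have
    been triggered; defaults mirror the post's "2 wrong attempts, block for an hour".
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    locked_until = {}
    events = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path, status = parsed
        if ip in locked_until and ts < locked_until[ip]:
            continue  # still locked out; an enforcing component would deny here
        if not is_failed_login(method, path, status):
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop failures older than the window
        if len(q) >= max_failures:
            locked_until[ip] = ts + lockout
            events.append((ip, ts, locked_until[ip]))
            q.clear()
    return events


if __name__ == "__main__":
    for ip, at, until in find_lockouts(SAMPLE_LOG):
        print(f"{ip} locked at {at:%H:%M:%S} until {until:%H:%M:%S}")
```

On the constructed lines, 198.51.100.23 is locked after its second failure and its third request is ignored, the 302 from 203.0.113.8 is not counted, and the two failures from 192.0.2.77 fall outside the five-minute window, so they never add up. The 200-versus-302 heuristic is the weak point: confirm it against your own WordPress version before trusting the counts.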


    • #3
      This information has been posted inside the hosting control panel to be visible to all customers using Wordpress too.



      • #4
        Have there been any cases of the attack succeeding? Is there anything that can be done at the network level?



        • #5
          Originally posted by peterd:
          This information has been posted inside the hosting control panel to be visible to all customers using Wordpress too.
          Hi Peterd,

          My suggestions are based on installing the plug-in "Better WP Security", which then allows you to access the features I mentioned. It also has a Dashboard which allows you to see other security precautions you can take to make your site more secure.



          • #6
            The things we are referring to, i.e. the .htaccess file, are purely on a local level, i.e. user level.

            There is no network-level resolution, neither with us nor with the competition, so far. WordPress hasn't come up with a solution to it yet.
            It appears that some hackers got about 90k IPs where WordPress is running and are continuously trying to brute-force.


            Common practice when working with any type of script is not to include any plugins in any of the resolutions of the problem. That is when hosting providers and the actual script developers are concerned.

            We will not offer solutions to our customers when it comes to installing additional plugins.

            The login path is not going to work a lot better considering the hackers got a list of IPs where WordPress is installed. I am 1000% sure they can find the proper login in no time.

            We will update you with more news when we have any.



            • #7
              Also,

              If you feel your WordPress site has been compromised, in addition to changing your password you should also change your salts, located in your wp-config.php file.

              Here is a salt generator; just copy and paste over the ones you currently have.



              You should also be sure to use a different username than "admin".

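As an added example of the salt rotation described above (not the generator the post refers to, and not WordPress's own code), the following Python rewrites the eight salt defines in a wp-config.php with fresh random values from the operating system's CSPRNG. It assumes the standard `define('KEY', '...');` form with single quotes, refuses to write a half-updated file if any key is missing, and keeps the generated values free of the two characters that would break a single-quoted PHP string. The sample wp-config.php fragment is constructed for this example.

```python
import re
import secrets
import string

# The eight keys WordPress reads from wp-config.php.
SALT_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")

# Printable ASCII minus space and the two characters (' and \) that would
# terminate or escape inside a single-quoted PHP string literal.
SALT_ALPHABET = "".join(c for c in string.printable
                        if c.isprintable() and c not in " '\\")

# Constructed sample of the relevant wp-config.php lines (fresh-install placeholders).
SAMPLE_WP_CONFIG = """\
define('DB_NAME', 'wordpress');
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');
$table_prefix = 'wp_';
"""

# Group 1: key name, group 2: current value.
DEFINE_RE = re.compile(
    r"define\(\s*'(" + "|".join(SALT_KEYS) + r")'\s*,\s*'([^']*)'\s*\);"
)


def make_salt(length=64):
    """One salt value drawn with secrets.choice (CSPRNG-backed)."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(length))


def render_salt_defines():
    """A complete set of eight define() lines to paste into wp-config.php."""
    return "\n".join(f"define('{key}', '{make_salt()}');" for key in SALT_KEYS)


def replace_salts(config_text):
    """Overwrite every existing salt define() in the text with a fresh value.

    Raises ValueError if any of the eight keys is absent, so the caller never
    ends up with a partially rotated configuration.
    """
    found = set()

    def sub(m):
        key = m.group(1)
        found.add(key)
        return f"define('{key}', '{make_salt()}');"

    new_text = DEFINE_RE.sub(sub, config_text)
    missing = set(SALT_KEYS) - found
    if missing:
        raise ValueError(f"salt keys not found in config: {sorted(missing)}")
    return new_text


def extract_salts(config_text):
    """Return {key: value} for the salt defines present in the text."""
    return {m.group(1): m.group(2) for m in DEFINE_RE.finditer(config_text)}


if __name__ == "__main__":
    print(replace_salts(SAMPLE_WP_CONFIG))
```

Rotating the salts invalidates every existing WordPress authentication cookie, which is the point after a suspected compromise: anyone holding a stolen session, not just the legitimate users, has to log in again with the new password. WordPress.org publishes an equivalent set of lines at https://api.wordpress.org/secret-key/1.1/salt/ if you would rather not generate them locally.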


              • #8
                And WOW! better-wp-security may be the best plugin I have ever seen. Thank you so much for the suggestion.



                • #9
                  Originally posted by yav0r:
                  Common practice when working with any type of script is not to include any plugins in any of the resolutions of the problem. That is when hosting providers and the actual script developers are concerned.

                  We will not offer a solutions to our customers when it comes to installing additional plugins.
                  I understand Yan. I offered the suggestion as I have found it helpful in the past for dealing with, and keeping informed of (it emails me), these kinds of attacks. Ideally not having these guys hammering at our login pages would be the best solution, but if anything makes things difficult for them, then I'm going to try it.



                  • #10
                    Wordfence and Better WP Security do seem to be the best way to go about it, considering what users have been ranting about all over the Internet during the weekend.


                    I personally sleep much better by having both installed!!!

                    So far hackers have only been using slow-traffic botnets, meaning infected home PCs and such. Luckily they don't have any heavy artillery up their sleeve, or we will be in the deep then.


                    It's almost like they are not trying hard enough...



                    • #11
                      Originally posted by yav0r:
                      Wordfence and better wp security does seem to be the best way to go about it considering what users have been ranting about all over the Internet during the weekend.


                      I personally sleep much better by having both installed!!!
                      Hi Yan,

                      1/ I have installed Wordfence and find it very good. Should I install Better WP Security too? Doesn't that do the same thing? And will the two clash?

                      2/ Re changing the wp-admin path, I found a great plugin for this without having to restrict via the .htaccess file. [I want to be able to log in from other IPs when away from the office, as do many of my WordPress clients.]

                      It's called 'Stealth Login Page'. It changes the 'wp-admin/' path to a secret login path/page of your choice. It also redirects anyone entering the normal 'wp-admin' URL to another address of your choice. This is their home page if anyone is interested: http://www.petersenmediagroup.com/pl...th-login-page/

                      Cheers



                      • #12
                        The Better WP Security has some exclusive features such as the option to change the admin username to something else as well as change your ID from 1 to something else.

                        I haven't seen that in the Wordfence plugin, but if you can do that yourself from the database, like we used to when there were no such helpful plugins, then you really don't need the Better WP Security plugin.

                        Changing the wp-admin area is good; however, there are scanners which look for the actual .php file which is used to load the admin area, so it will slow them down but not stop them.



                        • #13
                          Originally posted by yav0r:
                          The Better WP Security has some exclusive features such as the option to change the admin username to something else as well as change your ID from 1 to something else.

                          I haven't seen that in the WordFence plugin but if you can do that yourself from the database like we used to when there were no such helpful plugins than you really don't need the better WP security plugin.

                          Changing the wp-admin area is good however there are scanners which look for the actual .php file which is used to load the admin area so it will slow them down but not stop them

                          Thanks Yan - I will check out Better WP Security.

                          Meanwhile, you may be right about changing the wp-admin path. Since I did so yesterday, Wordfence has locked out 3 IP addresses for failed login attempts from 3 sources -



                          • #14
                            Hello,

                            For those of you using Wordfence you already probably got the e-mail but just in case:

                            A security hole that allows anyone to execute any command on your WordPress server has been discovered in the WP Super Cache and W3 Total Cache plugins.

                            WHAT TO DO: Upgrade to the newest version of both these plugins immediately. The security holes have been fixed by the developers.

                            The impact of these security holes can't be overstated. They allow anyone to bypass all security and gain complete access to your WordPress site.

                            Hope that helps you all to stay safe!



                            • #15
                              I'm using Better WordPress Security. In about 2 weeks I have accumulated 1162 failed logins to this moment. All I can say is wow.
