Home > General > Affiliate Marketing Forum

Secure your wordpress before its to late. -- MASSIVE WORDPRESS ATTACK (15)

04-15-2013 05:37 PM #1 BeyondHosting-Tyler (Member)
Secure your wordpress before its to late. -- MASSIVE WORDPRESS ATTACK

As of this week a huge new botnet consisting of over 100,000 compromised servers has began attacking wordpress installs all over the world by trying to brute force the login page.

Here are a few key things to prevent you from getting compromised and taken offline.

1. Modify your login username to something secure, not admin1 or weak user. Use a random set of chars if you can or set it to a username that is not easily guessed.
2. Set a secure password on the new user. Utilize password websites such as http://strongpasswordgenerator.com/ We recommend utilizing a password encryption service such as https://lastpass.com/
3. Make sure you've removed the admin user from your wordpress.
4. Insure wordpress is up to date and all plugins and THEMES are as well.
5. Secure wordpress with .htaccess to block all unknown ips.

.htaccess example.

Code:
<Files wp-login.php> 
Order Deny,Allow 
Deny from all
Allow from replace-with-your-ip  
</Files>
If your server becomes heavily loaded with php processes its most likely due to this attack. We are currently receiving almost 1Gbit of traffic solely directed to wordpress sites and submitting password data.

04-15-2013 05:40 PM #2 BeyondHosting-Tyler (Member)

Mods can we get this sticky'd please?

04-15-2013 06:13 PM #3 ungodly (Member)

Thanks for the heads up Tyler!

04-15-2013 06:36 PM #4 sandyone (Member)

I gave up on WP for this reason.

04-15-2013 07:38 PM #5 butthole (Member)

how do we check to see if they already got in?

04-15-2013 07:43 PM #6 BeyondHosting-Tyler (Member)

Quote Originally Posted by butthole View Post
how do we check to see if they already got in?
At this point were not sure how to verify the compromise. We are still examining infected installations to find common patterns.

04-15-2013 07:57 PM #7 dragoshsd (Member)

First thing I'd do is check the home page source for unknown links.

04-15-2013 10:18 PM #8 mothpockets (Member)

i recommend Wordfence and Better WP Security plugins, both are pretty feature-rich and have wizards for common security fixes

04-15-2013 10:58 PM #9 localdentist (Member)

I have wordfence, cloudflare, and the .htc access deny on my multi-site

All covered.

04-15-2013 11:17 PM #10 sandyone (Member)

Butthole, Look at you httacess

04-15-2013 11:41 PM #11 cataclysm1987 (Member)

FYI this is not just Beyond Hosting, MyHosting and a few other places have been hit too.

This is clearly the work of Anonymous. They must be leading a revolution against Wordpress or something. @#$!.

04-16-2013 02:22 AM #12 BeyondHosting-Tyler (Member)

Its an ongoing thing, we've blocked a few different networks already trying to reduce the impact of this. I gotta say these attacks are getting old fast.

04-16-2013 05:20 AM #13 Mr Green (Administrator)

Yep I've been slammed by wordpress hacks...fucking annoying.

04-16-2013 10:55 AM #14 Finch (Moderator)

I've had a couple of blogs breached too.

I wouldn't mind the ordeal if there was a resemblance of a point to it. Keyboard warrior extremism

04-16-2013 08:30 PM #15 stian (Member)

This guide; http://community.namecheap.com/blog/...ecurity-guide/ covers a couple of good plugins and ways to secure your WP install. BPS can be a pain to get going (especially with W3TC) but def worth it !

And wordfence as described earlier in this post

Home > General > Affiliate Marketing Forum