Massive Brute Force Attacking WordPress Users Beware

Discussion in 'Articles & Tutorials' started by safame20, Jul 3, 2013.

  1. safame20

    New Member

    Jul 3, 2013
    There is a worldwide attack going on against WordPress blogs, so if you are a WordPress user you have reason to be alarmed.

    Why WordPress?

    WordPress is the most popular platform for creating blogs. The number of users who post content using WordPress is large. It connects them and forms a very large network of users.

    How to recognize an attack?
    If you are missing some images in your blog or finding some content changes, you may be under attack. The most certain way to recognize an attack is constant timeouts for your webpages.

    How does the Attack Occur:
    The brute force attack occurs when hackers try to enter your system using the username admin and then forcefully try to break your password using different combinations. This attack is similar to the DDoS attack which happened earlier, causing timeouts on your server.

    How to Protect yourself: There are a few ways to protect yourself against these attacks.

    1. Change your username from admin to something else: It is very easy to change your username. Just log in as admin. Create a new user in the Users menu. You have to specify a different email than the one you were using. Do not worry, as we can change it later. Give this user administrative privileges. Now delete the old administrative account with the username admin. Change the email back to the previous email. That is it, you are done.

    2. Implement SSL: Few people know that SSL for WordPress is free. Just go to the WordPress site and install the key.

    3. .htaccess file: Make sure you protect your wp-config.php file by denying access to it in the .htaccess file:

    # protect wp-config.php: refuse every web request for this file
    <files wp-config.php>
    order allow,deny
    deny from all
    </files>

    4. Lastly, use a strong password with symbols like (#, @), numbers, capital letters and lower-case letters.

    5. Block users from posting URLs: there is a script called anti-spam extra; search for it on the WordPress website.

    These are some of the steps you can take to protect yourself against the attack.

    written by: Saurabh Gupta ([email protected])

    (You are free to distribute this article as a free report or on your website without making changes to its current form and provided a link is given to our website)
