Wordpress brute attacks - What are you doing ?

Discussion in 'Wordpress' started by simplyjo, Apr 12, 2013.

  1. simplyjo

    simplyjo
    uix_expand uix_collapse
    Member

    Joined:
    May 11, 2009
    Messages:
    555
    Likes Received:
    17
    Which hosting do you use and are you facing any issues ? There are brute force attacks on wordpress across the world :( My sites are all locked by my hosting. Anyone has any updates or how to resolve this error at time of WP login - Wordpress administrator area access disabled temporarily due to widespread brute force attacks.
     
  2. lynxus

    lynxus
    uix_expand uix_collapse
    Member

    Joined:
    Feb 20, 2013
    Messages:
    112
    Likes Received:
    25
    Two things I do..

    1 ) Move wp-admin to a different directory.
    2 ) Add HTaccess and only allow access to that directory from my IP address.

    Done.
     
    • Like Like x 1
  3. simplyjo

    simplyjo
    uix_expand uix_collapse
    Member

    Joined:
    May 11, 2009
    Messages:
    555
    Likes Received:
    17
    Wow. I have no clue how to do either. I am technically totally clueless :(
    I don't even know what all this means . I asked my hosting and they said something similar. But understanding it and doing it for all of my 25+ websites ? Isn't it a huge task ?
    Is this is a temporary situation, though ?
     
  4. LordRoco

    LordRoco
    uix_expand uix_collapse
    Member

    Joined:
    Feb 9, 2013
    Messages:
    154
    Likes Received:
    27
    I have beefed up all the user and database passwords as well the usernames have been changed from the default 'admin' to a more robust ones. I have also performed the blog backup so that in any event, the data remains intact. Mine uses a custom theme and I dont want anyone to rip that off me!
     
  5. Scarface_007

    Scarface_007
    uix_expand uix_collapse
    Premium Member
    Premium Member

    Joined:
    Jan 25, 2013
    Messages:
    555
    Likes Received:
    62
    Hmm strange, I'm able to login to my wordpress site without any problem.
     
  6. LordRoco

    LordRoco
    uix_expand uix_collapse
    Member

    Joined:
    Feb 9, 2013
    Messages:
    154
    Likes Received:
    27
    All blogs wont get affected. Its just that an alarming number of them are and that is the reason why CloudFare triggered a internet wide alarm. They have done this so that you are pre-warned and can take all necessary actions to ensure your blog doesnt get targeted.
     
  7. TimeRider

    TimeRider
    uix_expand uix_collapse
    Active Member

    Joined:
    Apr 6, 2008
    Messages:
    2,761
    Likes Received:
    416
    I was getting some spam posts on my Wordpress. But It's all okay now. I think Wordpress are nowadays being a easy target for spams and bruteforce If you don't have a tight security.
     
  8. simplyjo

    simplyjo
    uix_expand uix_collapse
    Member

    Joined:
    May 11, 2009
    Messages:
    555
    Likes Received:
    17
    Right, I am hoping its temporary as I know zilch about backup/security measures.
     
  9. Rocky

    Rocky
    uix_expand uix_collapse
    Member

    Joined:
    Nov 3, 2012
    Messages:
    675
    Likes Received:
    182
    If you cannot do it yourself then it is best to ask your hosting provider to do it for you. Or find a better solution to the problem since they have blocked access to your sites which is not the best solution.
     
  10. daytrader

    daytrader
    uix_expand uix_collapse
    Active Member

    Joined:
    Jul 29, 2009
    Messages:
    1,678
    Likes Received:
    216
    It happen to one of my wodpress site. I found outnabout itnweeks ago before the news was out. So i once again upload a wp-admin directory and change password.
     
  11. FB92

    FB92
    uix_expand uix_collapse
    Member

    Joined:
    Dec 11, 2010
    Messages:
    193
    Likes Received:
    31
    Usually it would be something you are doing to cause this.

    I have run numerous Wordpress sites for personal and client use. I have never had any issues with brute force attacks and I do not have much security on my site. I use a backup and security plugin but that is all.

    So I don't understand why it is happening to you, and not me when I more than likely run more Wordpress sites than you currently.

    Maybe it's time you move hosts.
     
  12. daytrader

    daytrader
    uix_expand uix_collapse
    Active Member

    Joined:
    Jul 29, 2009
    Messages:
    1,678
    Likes Received:
    216
    I believe they target the host for reason andtheycoulddo it to any hosting company though.
     
  13. Scarface_007

    Scarface_007
    uix_expand uix_collapse
    Premium Member
    Premium Member

    Joined:
    Jan 25, 2013
    Messages:
    555
    Likes Received:
    62
    I have recieved alert notice from my host regards to this I hope my site stays up without this problem.
     
  14. simplyjo

    simplyjo
    uix_expand uix_collapse
    Member

    Joined:
    May 11, 2009
    Messages:
    555
    Likes Received:
    17
    Its happening with some other people I know from different hosts. I think even Hostgator has a notice about this. I am not sure why its happening but my hosting said its a security measure.
     
  15. rourkem

    rourkem
    uix_expand uix_collapse
    Member

    Joined:
    Sep 27, 2014
    Messages:
    43
    Likes Received:
    0
    I think it would be best to get a dedicated server for this since you will have shell access and you can configure your own firewall rules to counter those brute force attack. Disabling ping would be a good one to start with. [​IMG]
     
  16. Kevin Peter

    Kevin Peter
    uix_expand uix_collapse
    Banned

    Joined:
    Feb 18, 2015
    Messages:
    170
    Likes Received:
    8
    Is there a repeat of such issue since 2013? Any guidance on how to improvise and protect?
     
  17. estardabill

    estardabill
    uix_expand uix_collapse
    New Member

    Joined:
    Sep 4, 2016
    Messages:
    4
    Likes Received:
    1
    install wordfences plugin and block the ip to login in and hide the login area of your website.
     
    • Like Like x 1
  18. WebMedic

    WebMedic
    uix_expand uix_collapse
    New Member

    Joined:
    Sep 12, 2016
    Messages:
    18
    Likes Received:
    1

Share This Page