WordPress Attack *ALERT*
Friday, 12th April, 2013 - 08:51am
There is currently a significant attack being launched against a
large number of WordPress sites across the Internet. The attacker is
brute-forcing the WordPress administrative portals, using the username
"admin" and trying thousands of passwords. It appears a botnet is
being used to launch the attack, and more than tens of thousands of unique IP
addresses have been recorded attempting to hack WordPress installs.
One of the concerns with an attack like this is that the
attacker is using a relatively weak botnet of home PCs in order to build a much
larger botnet of beefy servers in preparation for a future attack. These larger
machines can cause much more damage in DDoS attacks because the servers have
large network connections and are capable of generating significant amounts of
traffic. This is similar to the tactic that was used to build the so-called
itsoknoproblembro/Brobot botnet which, in the Fall of 2012, was behind the
large attacks on US financial institutions.
Please follow the steps below to protect your WordPress site
from this attack.
Change your WordPress password immediately to a very strong one.
A secure password should typically contain upper and lowercase letters, be at least
eight characters long, and include "special" characters (^%$#&@*).
Install a WordPress plugin to limit login attempts:
https://wordpress.org/extend/plugins/limit-login-attempts/
Enable CloudFlare from your cPanel.
As a certified CloudFlare partner, we
have enabled CloudFlare on all our cPanel servers. Simply log in to your cPanel
and click on the CloudFlare icon, which is available under Software/Services.
There are also many other things you can do,
such as changing the admin user name, keeping your WordPress installation up to date, etc.
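To check whether your own site is being hit, the following added example (not part of the original alert) counts failed logins in a web server access log, both per source IP and site-wide per minute. Because the attack comes from many addresses, each bot may stay under a per-IP lockout limit, so the site-wide count is the one that shows it. The log lines, thresholds and function names are constructed for illustration, and the 200/302 status behaviour is an assumption about a stock WordPress login page.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined/Common Log Format: ip - - [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def failed_logins(lines):
    """Yield (ip, minute) for each POST to wp-login.php answered with 200.

    Assumption: stock WordPress re-renders the login form (200) on a bad
    password and redirects (302) on success.
    """
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], ts.replace(second=0)

def summarize(lines, per_ip_limit=5, site_limit=10):
    """Return (noisy_ips, floods).

    noisy_ips: sources over per_ip_limit failures (what a per-IP lockout sees).
    floods: {minute: distinct source count} for minutes with at least
    site_limit failures site-wide (what a distributed attack looks like).
    """
    per_ip = Counter()
    sources = defaultdict(list)
    for ip, minute in failed_logins(lines):
        per_ip[ip] += 1
        sources[minute].append(ip)
    noisy_ips = sorted(ip for ip, n in per_ip.items() if n > per_ip_limit)
    floods = {m: len(set(ips)) for m, ips in sources.items()
              if len(ips) >= site_limit}
    return noisy_ips, floods

def sample_log():
    """Constructed input: 12 sources, one failed login each, same minute."""
    lines = [f'203.0.113.{i} - - [12/Apr/2013:08:40:{i:02d} +0000] '
             f'"POST /wp-login.php HTTP/1.1" 200 3012' for i in range(1, 13)]
    lines.append('198.51.100.7 - - [12/Apr/2013:08:41:03 +0000] '
                 '"GET / HTTP/1.1" 200 5120')
    return lines

if __name__ == "__main__":
    print(summarize(sample_log()))
```

On the constructed sample no single address exceeds the per-IP limit, yet the one-minute bucket is flagged with 12 distinct sources.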
You can ignore the above if your site is not
developed using WordPress. If you have any other questions, feel free to reach
our technical support desk at support@lankahost.net
or the support portal