Wordpress Attack & Protection

Sunday, April 21, 2013

There is currently a significant attack being launched at a large number of WordPress blogs across the Internet. The attacker is brute force attacking the WordPress administrative portals, using the username "admin" and trying thousands of passwords. It appears a botnet is being used to launch the attack and more than tens of thousands of unique IP addresses have been recorded attempting to hack WordPress installs.

We have provided 2 methods below which will help you secure your Wordpress install:

Fix 1

To see if your site is being targeted, there’s a great Activity Monitor plugin.

http://wordpress.org/extend/plugins/threewp-activity-monitor/

And if you are being targeted (you’ll see the failed login attempts), use the Limit Login Attempts plugin to prevent brute force attempts from gaining access to your site.

http://wordpress.org/extend/plugins/limit-login-attempts/

Fix 2

If you are running a WordPress blog and want to ensure you are protected from this attack, you can sign up for CloudFlare's free plan (Not available to users with SSL certificates) and the protection is automatic. CloudFlare will continue to monitor the details of the attack and publish details about what we learn.

If you are experiencing any issues or require any further information please contact us.


« Back