This is a repost from another forum, from a representative of BeyondHosting.
"As of this week a huge new botnet consisting of over 100,000 compromised servers has begun attacking WordPress installs by trying to brute force the login page.
Here are a few key things to prevent you from getting compromised and taken offline.
1. Modify your login username to something secure, not admin1 or weak user. Use a random set of chars if you can or set it to a username that is not easily guessed.
2. Set a secure password on the new user. Utilize password websites such as Strong Password Generator. We recommend utilizing a password encryption service such as https://lastpass.com/
3. Make sure you've removed the admin user from your WordPress.
4. Ensure WordPress is up to date and all plugins and THEMES are as well.
5. Secure WordPress with .htaccess to block all unknown IPs.
.htaccess example.
Code:
<Files wp-login.php>
Order Deny,Allow
Deny from all
Allow from replace-with-your-ip
</Files>
If your server becomes heavily loaded with PHP processes, it's most likely due to this attack. We are currently receiving almost 1Gbit of traffic solely directed to WordPress sites and submitting password data."
I, like a lot of you, have several WP sites. Protect your site before it is too late! This was posted just a few minutes ago.
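To check whether the PHP load described in the quoted post comes from login brute forcing, here is an added example (not part of the original post and not BeyondHosting's code) that counts POSTs to wp-login.php per minute across all source IPs, since a botnet spreads its attempts over many addresses. The log lines, thresholds and function names are constructed assumptions, and a 403 is assumed to mean the .htaccess rule refused the request.

```python
import re
from collections import defaultdict

# Constructed sample in Apache "combined" log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:15:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:15:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2024:10:15:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2024:10:15:03 +0000] "POST /blog/wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:15:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.99 - - [01/Jan/2024:10:15:05 +0000] "GET / HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
192.0.2.200 - - [01/Jan/2024:10:16:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0"
192.0.2.200 - - [01/Jan/2024:10:16:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2024:10:17:01 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:17:01 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2024:10:17:02 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
"""

# Captures client IP, timestamp truncated to the minute, method, path and status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<minute>[^:]+:\d{2}:\d{2}):\d{2} [^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def login_posts_per_minute(log_text):
    """Return {minute: {"posts", "denied", "sources"}} for POSTs to wp-login.php."""
    buckets = defaultdict(lambda: {"posts": 0, "denied": 0, "sources": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop any query string, then compare the file name so sub-directory installs count too.
        if m["path"].split("?", 1)[0].rsplit("/", 1)[-1] != "wp-login.php":
            continue
        b = buckets[m["minute"]]
        b["posts"] += 1
        b["sources"].add(m["ip"])
        if m["status"] == "403":  # assumed: refused by the access rule
            b["denied"] += 1
    return dict(buckets)

def flag_distributed(buckets, min_served=3, min_sources=3):
    """Minutes where many login POSTs were served (not 403) and came from many IPs."""
    return sorted(minute for minute, b in buckets.items()
                  if b["posts"] - b["denied"] >= min_served
                  and len(b["sources"]) >= min_sources)

if __name__ == "__main__":
    print(flag_distributed(login_posts_per_minute(SAMPLE_LOG)))
```

Per-IP counts stay low in this kind of attack, so the aggregate per-minute figure and the number of distinct sources are the values to watch; tune the thresholds to the site's normal login traffic.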