Stop Global Brute Force Attack on Your WordPress Blogs

WordPress blogs across the world are being attacked by brute force using a huge botnet. Several web hosting services have warned webmasters that they should secure their WordPress blogs. Hostgator claims it affects all web hosts, and that the brute force attack is very well organized and highly distributed, with over 90,000 IP addresses apparently involved.

The attack typically targets WordPress blogs that use the ‘Admin’ user, running a brute force dictionary attack that tries thousands of passwords to find one that works and hack the blog. They say affected blogs will have a slow WordPress backend and users may be unable to log in, and that the attack mostly hits VPS and dedicated servers. Cloudflare claims to have pushed updates to all free and paying customers to block the attack's signatures.

Brute Force Attack on WordPress Blogs


The most recommended tips to avoid this attack on your site are:

  1. Change admin user – New WordPress installations by default create ‘Admin’ as the main user. Since this attack targets Admin users and uses brute force to find their passwords, it's a good idea to change the admin user.
  2. Strong passwords – It's a good idea to make long passwords of more than 8 characters, with lowercase and capital letters, symbols, numbers etc. Here are some best practices to make a strong password.
  3. Two-factor authentication – Users can turn on two-factor authentication to further protect their blog. Though it may seem a little more time-consuming, it is worth it.
  4. Security WordPress plugins – Some of the commonly recommended plugins to protect your site are WordFence (includes firewall, virus scanning) and Limit Login Attempts (limits the rate of login attempts).
  5. Upgrade WordPress – Ensure you have upgraded to the latest version of WordPress. It's just a click away now with super quick upgrades.
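
Because the attack is spread over so many IP addresses, a per-IP limit of the kind Limit Login Attempts applies only sees part of it. The script below is an added example, not code from the original post or from any plugin: it counts POSTs to wp-login.php in a web server access log and reports both addresses over a per-IP limit and time windows where many "quiet" addresses add up. The combined log format, the thresholds and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Access-log line in combined format: client IP, timestamp, method, path.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)')

def login_posts(lines):
    """Yield (epoch_seconds, ip) for every POST to wp-login.php."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield int(ts.timestamp()), m["ip"]

def analyze(lines, window_s=300, per_ip_limit=5, site_limit=10):
    """Thresholds are illustrative assumptions; tune them to normal traffic."""
    per_ip = Counter()  # (window, ip) -> login POSTs
    for epoch, ip in login_posts(lines):
        per_ip[(epoch // window_s, ip)] += 1
    # Addresses a per-IP limiter would lock out.
    noisy_ips = sorted({ip for (_, ip), n in per_ip.items() if n > per_ip_limit})
    # Windows where addresses that each stay under the limit still add up.
    quiet = {}  # window -> [attempts, distinct IPs]
    for (win, ip), n in per_ip.items():
        if n <= per_ip_limit:
            entry = quiet.setdefault(win, [0, 0])
            entry[0] += n
            entry[1] += 1
    distributed = [(win * window_s, a, ips) for win, (a, ips) in sorted(quiet.items()) if a > site_limit]
    return noisy_ips, distributed

def sample_log():
    """Constructed sample lines using documentation IP ranges, not real traffic."""
    fmt = '{} - - [01/Jan/2024:{} +0000] "{} /wp-login.php HTTP/1.1" 200 512 "-" "-"'
    lines = [fmt.format("192.0.2.10", "10:00:05", "GET")]
    # One address, eight guesses: a per-IP limiter catches this.
    lines += [fmt.format("198.51.100.7", f"10:01:{s:02d}", "POST") for s in range(8)]
    # Twelve addresses, one guess each: invisible to a per-IP limiter.
    lines += [fmt.format(f"203.0.113.{i}", f"10:06:{i:02d}", "POST") for i in range(1, 13)]
    return lines

if __name__ == "__main__":
    noisy, distributed = analyze(sample_log())
    print("per-IP limit exceeded:", noisy)
    for start, attempts, ips in distributed:
        print(f"window {start}: {attempts} login POSTs from {ips} addresses, each under the limit")
```

To run it against a real log, pass an open file object to `analyze()` in place of `sample_log()`.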

Have you secured your WordPress blog? It could be your blog next.


About the Author: P Chandra is editor of QOT, one of India's earliest tech bloggers since 2004. A tech enthusiast with expertise in coding, WordPress, web tools, SEO and DIY hacks.