{"id":33141,"date":"2013-04-13T18:43:04","date_gmt":"2013-04-13T13:13:04","guid":{"rendered":"https:\/\/www.quickonlinetips.com\/archives\/?p=33141"},"modified":"2020-05-24T09:58:32","modified_gmt":"2020-05-24T04:28:32","slug":"global-brute-force-attack-on-wordpress-blogs","status":"publish","type":"post","link":"https:\/\/www.quickonlinetips.com\/archives\/2013\/04\/global-brute-force-attack-on-wordpress-blogs\/","title":{"rendered":"Stop Global Brute Force Attack on Your WordPress Blogs"},"content":{"rendered":"<p><a href=\"https:\/\/www.quickonlinetips.com\/archives\/tag\/wordpress\/\">WordPress<\/a> blogs across the world are being attacked by brute force using a huge botnet. Several web hosting services have warned webmasters that they should secure their WordPress blogs.\u00a0<a href=\"http:\/\/blog.hostgator.com\/2013\/04\/11\/global-wordpress-brute-force-flood\/\" target=\"_blank\" rel=\"noopener noreferrer\">Hostgator claims<\/a> it affects all web hosts, that the brute force attack is very well organized and very distributed, and that over 90,000 IP addresses seem to be involved in this attack.<\/p>\n<p>It is typically targeting WordPress blogs using the <strong>&#8216;Admin&#8217; user<\/strong> and using a <strong>brute force dictionary attack<\/strong> to try thousands of passwords in search of one that lets the attackers hack the blog. They say affected blogs will have a slow WordPress backend and possibly an inability to log in, and that the attack will mostly hit\u00a0VPS and Dedicated servers. 
Cloudflare claims to have pushed updates to all free and paying customers to block the signatures causing the attack.<\/p>\n<h2>Brute Force Attack on WordPress Blogs<\/h2>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-33144\" src=\"https:\/\/www.quickonlinetips.com\/archives\/wp-content\/uploads\/botnet-attack.jpg\" alt=\"botnet attack\" width=\"425\" height=\"282\" srcset=\"https:\/\/www.quickonlinetips.com\/archives\/wp-content\/uploads\/botnet-attack.jpg 425w, https:\/\/www.quickonlinetips.com\/archives\/wp-content\/uploads\/botnet-attack-300x199.jpg 300w\" sizes=\"(max-width: 425px) 100vw, 425px\" \/><\/p>\n<p>The most recommended tips to avoid this attack on your site are:<\/p>\n<ol>\n<li><strong>Change admin user<\/strong> &#8211; New WordPress installations by default create &#8216;Admin&#8217; as the main user. Since this attack is targeting Admin users and using brute force to detect their passwords, it&#8217;s a good idea to <a href=\"http:\/\/www.digitalkonline.com\/blog\/change-your-wordpress-admin-username\/\" target=\"_blank\" rel=\"noopener noreferrer\">change the admin user<\/a>.<\/li>\n<li><strong>Strong passwords<\/strong> &#8211; It&#8217;s a good idea to make long passwords of more than 8 characters, with small and capital letters, symbols, numbers etc. Here are some best practices to <a href=\"https:\/\/en.support.wordpress.com\/security\/#strong-password\" target=\"_blank\" rel=\"noopener noreferrer\">make a strong password<\/a>.<\/li>\n<li><strong>Two-factor authentication<\/strong>\u00a0&#8211;\u00a0WordPress.com users can\u00a0<a href=\"https:\/\/en.blog.wordpress.com\/2013\/04\/05\/two-step-authentication\/\" rel=\"noopener\">turn on two-factor authentication<\/a>, to further protect their blog. 
Though it may seem a little more time consuming, it is worth it.<\/li>\n<li><strong>Security WordPress plugins<\/strong> &#8211; Some of the commonly\u00a0recommended\u00a0plugins to protect your site are <a href=\"https:\/\/wordpress.org\/plugins\/wordfence\/\" target=\"_blank\" rel=\"noopener noreferrer\">WordFence<\/a>\u00a0(includes firewall, virus scanning), and\u00a0Limit Login Attempts\u00a0(limits the rate of login attempts).<\/li>\n<li><strong>Upgrade WordPress<\/strong> &#8211; Ensure you have upgraded to the latest version of WordPress. It&#8217;s just a click away now with super quick upgrades.<\/li>\n<\/ol>\n<p>Have you secured your WordPress blog? It could be your blog next.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>WordPress blogs across the world are being attacked by brute force using a huge botnet. Several web hosting services have&#8230;<\/p>\n","protected":false},"author":4,"featured_media":33144,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"_kad_post_classname":"","footnotes":""},"categories":[6,7],"tags":[17],"class_list":["post-33141","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blogging","category-security","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/posts\/33141","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embedd
able":true,"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/comments?post=33141"}],"version-history":[{"count":0,"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/posts\/33141\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/media\/33144"}],"wp:attachment":[{"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/media?parent=33141"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/categories?post=33141"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/tags?post=33141"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}