Web Hosting Blog from MonsterMegs

WordPress wp-login.php Brute Force Attack

  • Admin
  • April 12, 2013
  • 3 minute read

Over the last couple of days a huge threat and nuisance has evolved that is affecting nearly all web hosting providers. This brute force attack is being conducted by a large botnet consisting of thousands of unique IP addresses across the world. The attacker is brute forcing the WordPress administrative portals, using the username “admin” and trying thousands of passwords.

One of the concerns with an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack. These larger machines can cause much more damage in DDoS attacks because the servers have large network connections and are capable of generating significant amounts of traffic. This is similar to the tactic used to build the so-called itsoknoproblembro/Brobot botnet which, in the Fall of 2012, was behind the large attacks on US financial institutions.

Table of Contents
1. Here are a few of the things you can do to help protect your site from this attack
2. What we are doing on our end to block these attempts

Here are a few of the things you can do to help protect your site from this attack

  1. Most Important – Make sure you are running the latest version of WordPress and that all plugins and themes are up to date.
  2. Remove any outdated or unused themes or plugins. If you are not using the themes or plugins, they are just taking up space and wasting resources.
  3. Use a secure password. This is vital to avoid your website being brute forced. A strong password will consist of:

    Minimum password recommendations:

    – At least 8 characters total
    – A mixture of upper- and lower-case letters
    – Numbers and special characters, such as punctuation or other non-alphanumeric characters

    Example weak password: password123
    Improved strong password: Z$xusptZ2M4!Z
  4. Install the WordPress plugin “Limit Login Attempts”. This will limit login attempts to a set number. Once this limit is reached, the IP will be blocked for a defined amount of time.
  5. Enable CloudFlare within your cPanel. CloudFlare announced yesterday that they have added rules within their system to prevent this attack. CloudFlare can be enabled in any customer's cPanel account with just a few clicks.

What we are doing on our end to block these attempts

To be honest we have not had to do much. We have actually been unaffected up to this point, unlike many hosting companies that are being crippled by this attack. We believe this is directly related to the Anti-DDoS feature within LiteSpeed Web Server on our LiteSpeed Powered Web Hosting. We have checked the logs over the last couple of days and can see that the Anti-DDoS system has been blocking IPs on a regular basis. The Anti-DDoS feature has always been great for blocking low-level DDoS attacks, but now we can see there are many other benefits of this feature.

While the Anti-DDoS feature has worked great and left us unaffected, we have still taken further measures within each server to further protect our customers from this attack. We won’t go into details about the steps we have taken, so as not to let these attackers gain any further knowledge of what is being done to protect against these attacks and figure out a way to work around them. Our customers should just know that we have taken several steps and they have proven effective against this attack.
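A log-side version of the “limit login attempts” idea from step 4 above and of the log check described in this paragraph, as an added example that is not code from this post, from the Limit Login Attempts plugin or from LiteSpeed: it reads Apache/LiteSpeed combined-format access log lines and reports IPs whose wp-login.php POSTs failed a given number of times inside a sliding window, together with the time their lockout would expire. The threshold (5 failures), window (5 minutes), lockout (20 minutes) and the log lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Combined log format as written by Apache/LiteSpeed; only the fields we need are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?")[0], int(m["status"])

def find_bruteforce(lines, max_attempts=5, window=timedelta(minutes=5),
                    lockout=timedelta(minutes=20)):
    """Return {ip: lockout_expiry} for every IP whose wp-login.php POSTs fail
    max_attempts times inside `window` (threshold/lockout values are assumed)."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failed logins
    blocked = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        # A failed login re-renders the form (HTTP 200); a successful one redirects (302).
        if method != "POST" or path != "/wp-login.php" or status != 200:
            continue
        if ip in blocked and ts < blocked[ip]:
            continue              # still locked out, so the attempt is not counted again
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= max_attempts:
            blocked[ip] = ts + lockout
            q.clear()
    return blocked

# Constructed sample lines (not real traffic): a bot hammering "admin", and a real user who mistypes once.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Apr/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Apr/2013:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Apr/2013:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Apr/2013:10:00:13 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Apr/2013:10:00:17 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Apr/2013:10:00:21 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/4.0"
198.51.100.5 - - [12/Apr/2013:10:01:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/5.0"
198.51.100.5 - - [12/Apr/2013:10:01:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""
```

Feeding the output to a firewall (for example as temporary deny rules) is the part a hosting provider would automate; the example stops at producing the list and expiry times.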

While we feel confident that we have successfully blocked this attack for the time being, we are keeping an eye on the situation very closely. Attacks like this can quickly change their approach and we may need to adjust to keep the attack at bay. If we see any drastic changes or notice any incoming effects from this attack, we will inform customers immediately with more information and what steps are required from them or what we are doing to adjust to the attack.
