WordPress brute force attack

In recent days there has been a massive brute force attack on WordPress websites. The news is all over the internet, but it is nothing like the ‘hacking sprees’ of the past. There is close to nothing about this on the WP forums, indicating that the more ‘serious’ WP user is not affected. This is quite logical, since the attack involves nothing more than trying to log in using obvious credentials such as “admin” (in earlier versions the default user) and “welcome” or something stupid like that. There is another risk though. The bot can keep pumping login attempts at your login screen until your server goes down.

So, should you have a WP powered website, there are a few things to take care of quickly (if you have not done so): get rid of that user named “admin” (I can tell you how if you cannot figure it out) and install a plugin such as “limit login attempts”, so that after a few attempts the IP is blocked and stops adding to your server load, and the attacker has to use another IP to try again.
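The lockout rule described above, applied offline to a web server access log, as an added example that is not part of the original post and not the plugin's own code. The log lines are constructed, and the policy of 4 attempts per 5 minutes and the name `find_lockouts` are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format prefix: ip - - [time] "METHOD path proto" ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)'
)
MAX_ATTEMPTS = 4               # assumed policy: submissions allowed per window
WINDOW = timedelta(minutes=5)  # assumed policy: sliding window length

def find_lockouts(lines, max_attempts=MAX_ATTEMPTS, window=WINDOW):
    """Return {ip: time of the login POST that first exceeded the limit}."""
    recent = defaultdict(deque)  # ip -> timestamps of recent login POSTs
    locked = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line, or just a view of the login page
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue  # only login form submissions count
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # forget attempts older than the window
            q.popleft()
        if len(q) > max_attempts and m["ip"] not in locked:
            locked[m["ip"]] = ts
    return locked

# Constructed sample log (documentation IP ranges, made-up dates and sizes).
POST = '"POST /wp-login.php HTTP/1.1"'
SAMPLE_LOG = (
    # six submissions within ten seconds: exceeds the limit on the fifth
    [f'203.0.113.7 - - [01/Jan/2024:10:00:{s:02d} +0000] {POST} 200 3120'
     for s in range(0, 12, 2)]
    # six submissions, one per hour: never more than one inside the window
    + [f'192.0.2.50 - - [01/Jan/2024:{h:02d}:30:00 +0000] {POST} 200 3120'
       for h in range(10, 16)]
    # ordinary user: loads the form, then logs in once
    + ['198.51.100.23 - - [01/Jan/2024:10:01:00 +0000] '
       '"GET /wp-login.php HTTP/1.1" 200 2900',
       f'198.51.100.23 - - [01/Jan/2024:10:01:09 +0000] {POST} 302 0']
)

if __name__ == "__main__":
    for ip, when in find_lockouts(SAMPLE_LOG).items():
        print(f"{ip} exceeded the login limit at {when.isoformat()}")
```

The access log does not record whether a login succeeded, so this counts submissions rather than failures; a plugin running inside WordPress can count actual failed logins.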

For your information: I have a few WP websites, but none displays strange login activity, so perhaps this thing is made out to be bigger than it really is. But, better safe than sorry!

More about this at Sucuri.net.
