CATEGORIES
home News

Large Scale Botnet Brute Force Attack Targets WordPress Sites, Over 90K Servers Affected

by Rob WilliamsSaturday, April 13, 2013, 03:05 PM EDT

Own a website that runs on WordPress? You'll want to pay attention to this story. Since last week, there's been an ongoing brute-force attack that's targeted stand-alone WordPress installations. Like most login prompts, WordPress' will lock you out for some time after putting in an incorrect password a certain number of times, but there's an easy way to get around that by those who don't mind putting the effort in: use multiple IP addresses.

A handful of IPs wouldn't be too worrisome, but this particular attack has been monitored to use up to 90,000 of them. Clearly, there's no simple way for anyone to block such a large number of addresses from their site, and that's hardly an ideal solution anyways.

The attack has been seen to test up to 1,000 different passwords, using the default WordPress administrator login of "Admin". If your password is truly secure, you likely have nothing at all to worry about. If you've been lazy with your admin password, you'll want to go change it to something secure now. Once a site is compromised, a backdoor is installed that adds your server to this growing botnet, seeking out other sites and brute-forcing them.

As an article at Krebs on Security suggests, there are a couple of very easy steps you could take that will help amp up the level of security on your WordPress site. In addition to a secure password, you could install a plugin from Duo Security which enables two-step authentication. Going the hardcore route, you could tweak your security to allow only specific IP addresses access to the WordPress admin (this isn't ideal for those who have dynamic IPs, however).

Though WordPress is the target of this attack, there's really no exploit to speak of. The only thing WordPress could change is restricting the total number of admin login attempts regardless of the IP address being used. But again, that's a bit on the hardcore side. A strong password helps protect against this sort of attack extremely well.

Tags:  security, WordPress, Brute Force
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment