Large Scale Botnet Brute Force Attack Targets WordPress Sites, Over 90K Servers Affected

Own a website that runs on WordPress? You'll want to pay attention to this story. Since last week, there has been an ongoing brute-force attack targeting stand-alone WordPress installations. Like most login prompts, WordPress's will lock you out for a while after a certain number of incorrect passwords, but there's an easy way around that for anyone willing to put in the effort: use multiple IP addresses.

A handful of IPs wouldn't be too worrisome, but this particular attack has been observed using up to 90,000 of them. Clearly, there's no simple way for anyone to block that many addresses from their site, and that would hardly be an ideal solution anyway.

The attack has been seen to test up to 1,000 different passwords against the default WordPress administrator login, "Admin". If your password is truly secure, you likely have nothing to worry about. If you've been lazy with your admin password, change it to something secure now. Once a site is compromised, a backdoor is installed that adds your server to the growing botnet, which then seeks out other sites and brute-forces them.

As an article at Krebs on Security suggests, there are a couple of very easy steps you can take to raise the level of security on your WordPress site. In addition to a secure password, you can install a plugin from Duo Security that enables two-step authentication. Going the hardcore route, you can restrict access to the WordPress admin to specific IP addresses (not ideal for those with dynamic IPs, however).

Though WordPress is the target of this attack, there's really no exploit to speak of. The only thing WordPress could change is to limit the total number of admin login attempts regardless of the IP address being used, but that, again, is a bit on the hardcore side. A strong password protects against this sort of attack extremely well.
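The per-account limit described above is also the right way to spot this attack in your own logs: a per-IP lockout never fires when each of 90,000 addresses only tries a password or two, but counting failed logins per target username across all source IPs does. The script below is an added example, not code from the article or from WordPress. It assumes a constructed log format (Apache combined log with the POSTed username appended as `user=...`, as a logging plugin might record it) and relies on WordPress answering a failed login with HTTP 200 (the form is re-rendered) and a successful one with a 302 redirect; the sample log lines are constructed.

```python
"""Detect a distributed (multi-IP) brute force against one WordPress account.

Added example, not from the original article. Scans access-log lines for POSTs
to wp-login.php and counts failed attempts per *username* across all source
IPs, which is the per-account limit the article says WordPress does not enforce.
"""
import re
from collections import defaultdict
from datetime import timedelta, datetime

# Assumed log format: Apache combined log plus a trailing "user=<name>" field
# holding the POSTed login name (constructed for this example).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "POST /wp-login\.php HTTP/1\.[01]" '
    r'(?P<status>\d{3}) \S+ .* user=(?P<user>\S+)$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: six different IPs each try "admin" once within 40 seconds,
# then a legitimate "editor" login succeeds (302) and loads wp-admin.
LOG_LINES = [
    '203.0.113.10 - - [12/Apr/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0" user=admin',
    '203.0.113.11 - - [12/Apr/2013:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0" user=admin',
    '198.51.100.5 - - [12/Apr/2013:10:00:15 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0" user=admin',
    '198.51.100.6 - - [12/Apr/2013:10:00:22 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0" user=admin',
    '192.0.2.77 - - [12/Apr/2013:10:00:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0" user=admin',
    '192.0.2.78 - - [12/Apr/2013:10:00:41 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0" user=admin',
    '192.0.2.200 - - [12/Apr/2013:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0" user=editor',
    '192.0.2.200 - - [12/Apr/2013:10:05:00 +0000] "GET /wp-admin/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
]


def parse_line(line):
    """Return (ip, timestamp, user, status) for a wp-login POST, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FORMAT)
    return m.group("ip"), ts, m.group("user"), int(m.group("status"))


def failed_logins(lines):
    """Yield (ts, ip, user) for every failed wp-login POST.

    WordPress re-renders the login form with HTTP 200 on a bad password and
    redirects (302) on success, so a 200 on the POST means a failed attempt.
    """
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, user, status = parsed
        if status == 200:
            yield ts, ip, user


def per_ip_max_failures(lines):
    """Highest number of failures seen from any single IP (what a per-IP lockout sees)."""
    counts = defaultdict(int)
    for _, ip, _ in failed_logins(lines):
        counts[ip] += 1
    return max(counts.values(), default=0)


def find_distributed_bruteforce(lines, max_attempts=5, min_ips=3, window=timedelta(minutes=10)):
    """Flag usernames with more than max_attempts failures from at least min_ips
    distinct IPs inside any sliding window; per-IP counts are ignored on purpose."""
    by_user = defaultdict(list)
    for ts, ip, user in failed_logins(lines):
        by_user[user].append((ts, ip))

    flagged = {}
    for user, events in by_user.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:   # slide the window forward
                start += 1
            in_window = events[start:end + 1]
            ips = {ip for _, ip in in_window}
            if len(in_window) > max_attempts and len(ips) >= min_ips:
                best = flagged.get(user, {"attempts": 0})
                if len(in_window) > best["attempts"]:
                    flagged[user] = {"attempts": len(in_window), "distinct_ips": len(ips)}
    return flagged


if __name__ == "__main__":
    print("max failures from one IP:", per_ip_max_failures(LOG_LINES))
    for user, info in find_distributed_bruteforce(LOG_LINES).items():
        print(f"distributed brute force against '{user}': "
              f"{info['attempts']} failures from {info['distinct_ips']} IPs")
```

On the sample, the per-IP view peaks at a single failure per address, so a conventional lockout at five attempts would never trigger, while the per-account view flags "admin" with six failures from six IPs. The same counter, fed from a real log, is what the article's proposed "regardless of IP" limit would act on.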
