Recently, a brute force attack has been occurring on WordPress installations around the world.
It is a well coordinated attack and it's currently hitting a large number of installs.
They are trying to gain access to WordPress logins by using easily guessable passwords.
If you password protected your WordPress using something from a dictionary such as
"p4ssw0rd" or "abc123" then your blog can be vulnerable. Once they gain access, they
upload malicious files to the directory which enables them to spam or collect personal information.
The symptoms of this attack are sluggish access to your WordPress site, or an inability to log in.
In some instances your site could even intermittently go down for short periods.
To mitigate this attack, you are advised to set a stronger password and add another
layer of protection by password protecting your wp-login.php.
Here's the method on how to add the additional protection layer to your WordPress blog:
Step 1: Create the Password File
Create a file named .wpadmin and place it in your home directory, where visitors can't access it.
EXAMPLE: /home/username/.wpadmin
cPanel/DirectAdmin home directory: /home/username/ (where 'username' is the cPanel/DirectAdmin username of your account).
WebsitePanel home directory: /home/domain/ (where 'domain' is the domain name associated with your hosting account).
Step 2: Generate the Password Entry
Open a new web browser, go to http://www.htaccesstools.com/htpasswd-generator/ and enter your username and password.
Paste the generated line into the .wpadmin file, using the format username:encryptedpassword.
For example, my output is
apple:$apr1$gaulVKEm$smsg6EJU6LijtwycYsPry0
Save the .wpadmin file and upload it using an FTP client or File Manager into /home/username.
Step 3: Protect wp-login.php
The last step is to place the following code in the /home/username/.htaccess file under your publicly accessible directory:
ErrorDocument 401 "Unauthorized Access"
ErrorDocument 403 "Forbidden"
<FilesMatch "wp-login.php">
AuthName "Authorized Only"
AuthType Basic
AuthUserFile /home/username/.wpadmin
require valid-user
</FilesMatch>
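The username:encryptedpassword line from Step 2 can also be produced on your own machine, so the admin password never has to be typed into a third-party web form. The following is an added example, not code from the original post: it implements Apache's $apr1$ MD5 scheme (the format htpasswd -m emits and the sample line above uses), builds a .wpadmin line, and checks a line against a username and password. The usernames and passwords in it are constructed for illustration.

```python
# Added example (not from the original post): build and check .wpadmin lines
# locally. Implements Apache's $apr1$ MD5 scheme (what `htpasswd -m` emits).
import hashlib
import secrets

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = b"$apr1$"

def _to64(value, count):
    # md5crypt's custom base64: 6 bits at a time, least significant first
    return "".join(ITOA64[(value >> (6 * k)) & 0x3F] for k in range(count))

def apr1_md5(password, salt):
    """Return '$apr1$<salt>$<hash>' (salt: up to 8 chars from ITOA64)."""
    pw, s = password.encode(), salt[:8].encode()
    ctx = hashlib.md5(pw + MAGIC + s)
    alt = hashlib.md5(pw + s + pw).digest()
    for n in range(len(pw), 0, -16):          # feed len(pw) bytes of alt
        ctx.update(alt[:min(16, n)])
    n = len(pw)
    while n:                                  # md5crypt's bit walk
        ctx.update(b"\0" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for r in range(1000):                     # fixed 1000 stretching rounds
        c = hashlib.md5(pw if r & 1 else final)
        if r % 3:
            c.update(s)
        if r % 7:
            c.update(pw)
        c.update(final if r & 1 else pw)
        final = c.digest()
    triples = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    h = "".join(_to64(final[a] << 16 | final[b] << 8 | final[c], 4) for a, b, c in triples)
    return f"$apr1${s.decode()}${h}{_to64(final[11], 2)}"

def make_entry(user, password):
    """One .wpadmin line, user:$apr1$salt$hash, with a random 8-char salt."""
    salt = "".join(secrets.choice(ITOA64) for _ in range(8))
    return f"{user}:{apr1_md5(password, salt)}"

def check_entry(entry, user, password):
    """True if a .wpadmin line matches user and password (constant-time compare)."""
    name, _, hashed = entry.partition(":")
    parts = hashed.split("$")                 # ['', 'apr1', salt, hash]
    if name != user or len(parts) != 4 or parts[1] != "apr1":
        return False
    return secrets.compare_digest(apr1_md5(password, parts[2]), hashed)
```

Note that $apr1$ is an MD5-based scheme; Apache 2.4 also accepts bcrypt entries (htpasswd -B), which are the better choice where the server supports them.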
In the past week, a global distributed brute force attack has been occurring on WordPress installations around the world.
It is a well coordinated attack and it's currently hitting a large number of installs. They are trying to gain access to WordPress logins by using easily guessable passwords.
If you password protected your WordPress using something from a dictionary such as "password" or "123456" then your installation can be vulnerable. Once they gain access, they upload malicious files to the directory which enables them to spam or collect personal information.
We recommend logging into your admin panel and changing the password to a stronger one as recommended by WordPress.
To mitigate this attack, we are putting extra security measures in place that will automatically ban the IP address for 5 minutes after several failed login attempts.
The symptoms of this attack are sluggish access to your WordPress site, or an inability to log in. In some instances your site could even intermittently go down for short periods.
You can add another layer of protection by password protecting your wp-login.php file. That means the hackers will need to guess through two layers of authentication. To see this in action, check our admin login page by going to http://blog.canadianwebhosting.com/wp-login.php. There is now a popup prompt, and if they pass the first layer, then they will need to guess the second one on the wp-login.php page.
To add this additional security, do the following:
See more at: http://blog.canadianwebhosting.com/wordpress-brute-force-attack/