A day ago, I bumped into a blog post from HostGator reporting a Global WordPress brute force attack.
What a lazy soul I was?!!
I procrastinated taking precautionary measures and BAM!
I’ve seen my brand new blog being attacked and intruded on. Before the attack happened and I got the message “account has been suspended for my-blog.com” when I attempted to log in to the admin dashboard, I experienced a weirdly sluggish load time in my admin panel. Also, when I tried uploading a template, I was shown a message saying “WordPress Violation” and then the site just crashed.
I got the whole thing fixed through my hosting provider. They just reinstalled the blog for me and I now set it up on Joomla.
I was very lucky because there was no data for me to lose, as it was an absolutely new WordPress blog.
So my dear co-bloggers, this post is to help you make sure that you are not sailing in the same boat as I was.
I went back and re-read the posts by 101Domain and HostGator, and another by Cloudflare. They say that the attack is a large-scale one, in which the hackers are trying to use home PCs and then get access to hosting servers so as to make the WordPress brute force attack profoundly viral. The attackers are still anonymous and no one knows when this whole WordPress attack hoopla will cease. All that is in our control is taking some precautions to dodge the attack.
Ensure that your blog is safe from the WordPress brute force attack
Change admin user name – PCMag reports that the most targeted accounts are those with the user names ‘admin’, ‘test’, ‘administrator’, and others akin to these. If you have an admin login username like any of these then the first thing to do is change it.
There are many workarounds for this like installing a WordPress plugin. But I guess the easiest way to go about it is to create a new user account, give that user the administrator rights, and then delete the vulnerable ‘admin’ user by logging into the newly created admin account.
Make a stronger password – Check if your existing password is as per the WordPress password creation guidelines. If you are not sure what the guidelines are, go to your user account and scroll down to the ‘About Yourself’ section where you are given an option to set a password. Right there you can find the password guidelines by WordPress saying ‘Hint’ in italic text. While changing the password make sure that the strength indicator goes green.
Upgrade the CMS – Upgrading to the latest version of WordPress CMS can help you mitigate the risk and minimize the chances of getting your account compromised due to the so-called brute force attack. It is believed that the hackers may not be fully aware of the tricks to hack the latest release.
Deploy the two-way authentication feature – Two-way authentication (more commonly called two-factor authentication) is one where you access your account by entering a security code into the login panel. The security code is sent to your mobile when you attempt a login. You can implement this by installing a plugin (check for it in the WordPress plugins directory) on your blog.
Use security plugins – Many security plugins can come in handy for avoiding brute force attacks, such as WordPress Firewall 2, Limit login attempts, and the Sucuri WordPress Security Plugin. Consider activating one or more such plugins to add an extra layer of security to your WordPress blog.
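To see what a login-limiting plugin buys you and what it does not, here is an added example (not code from this post or from any of the plugins named) that replays constructed login events through a per-IP lockout. The thresholds, the IP addresses and the `jane_editor` account are assumptions made for the illustration.

```python
from collections import defaultdict, deque

TARGETED = {"admin", "test", "administrator"}  # usernames the post names
MAX_FAILS = 4    # assumed: failures allowed per IP inside WINDOW
WINDOW = 300     # assumed: seconds over which failures are counted
LOCKOUT = 1200   # assumed: seconds an IP stays locked out

def replay(events):
    """Replay (ts, ip, user, ok) login events through a per-IP lockout."""
    fails = defaultdict(deque)      # ip -> timestamps of recent failures
    locked_until = {}               # ip -> time at which the lockout ends
    blocked, locked_ips = 0, set()
    tested = defaultdict(int)       # targeted username -> guesses actually checked
    for ts, ip, user, ok in sorted(events):
        if ts < locked_until.get(ip, 0):
            blocked += 1            # rejected before any password check
            continue
        if ok:
            fails[ip].clear()       # a good login resets the counter
            continue
        if user in TARGETED:
            tested[user] += 1
        q = fails[ip]
        q.append(ts)
        while q[0] <= ts - WINDOW:  # forget failures older than the window
            q.popleft()
        if len(q) >= MAX_FAILS:
            locked_until[ip] = ts + LOCKOUT
            locked_ips.add(ip)
            q.clear()
    return {"blocked": blocked, "locked_ips": locked_ips, "tested": dict(tested)}

def sample_events():
    """Constructed events: one noisy IP, four slow IPs, one real user."""
    ev = [(t, "203.0.113.10", "admin", False) for t in range(50)]
    for i in range(4):
        for j, user in enumerate(("admin", "test", "administrator")):
            ev.append((100 + 60 * j + i, f"198.51.100.{i + 1}", user, False))
    ev += [(60, "192.0.2.5", "jane_editor", False), (70, "192.0.2.5", "jane_editor", True)]
    return ev

if __name__ == "__main__":
    print(replay(sample_events()))
```

On the constructed data the noisy IP is locked out after four failures and its remaining 46 attempts are rejected, but the four slow IPs stay under the threshold and still get guesses checked against `admin`, `test` and `administrator`. That gap is why renaming the admin account and using a strong password matter alongside a login-limiting plugin.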
It’s high time that you be proactive in taking a quick step to prevent the Global WordPress Brute Force attack on your WordPress blog unless you want to see yourself repent like me in no time. I was lucky for having a new blog compromised; you may not be.
Do share your ideas to improve WordPress security, if any, and also share your experience in the comment box below if you have been unlucky with this viral attack.
Update
One of the readers suggested through comments that we must have a back-up plugin ready, just in case we happen to lose all the Blog’s data.
Thank you, Naveen for the advice. I was so ignorant of this simple tip. I’m sure it added great value to all of us.
Another reader posted another nice suggestive comment. Samir advises installing a CAPTCHA for the login panel. Thanks, Samir.
This is the time to secure our WordPress blogs so that our hard work does not go in vain.
I’ve faced similar issues: I noticed attacks from over 4 more IP addresses, and from one IP address there were over 50 log-in attempts.
Fortunately, I saved my blog with the Limit Login Attempts plug-in.
The important thing every blogger should do is ensure backups. We can install a plug-in to back up WordPress data and restore the site if, unfortunately, we lose data in the attack.
Thanks for the wonderful post.
My pleasure Naveen.
You have made a good point.. I’d add it to the post.
Good Article Anusha! The attacks are increasing day by day with very bad consequences. I hope these simple steps you have mentioned about will really help bloggers to stay away from Brute Force attack. Hope WordPress soon finds a way out of this spam!
Thank you Satish. I too really hope that WP does something soon
Nice article Anusha, keep going! Expecting more specifics on WordPress security. Also, although my blog has security plugins, they tried 16 attempts and finally injected a trojan, after which the site crashed, and now I am in recovery mode!
Thanks for updating a useful article for bloggers!
You’re welcome Abbhas. I’d definitely keep you (readers) updated with more such posts.
Nice blog Preethi.
One point should be added:
Use a CAPTCHA WordPress plugin on the login page to secure the site from robotic attacks that make repeated login attempts.
Here is the information:
http://lilithdark.com/how-to-add-captcha-to-your-wordpress-login-page/
Thanks Samir. I have just installed the login CAPTCHA. Will add your advice to the post so that all can take advantage of this security feature to avoid the brute force attack.
Good job. 🙂 Still If I can find any new suggestion, I will comment it.
Nice article Anusha. All the features are good for protecting WordPress. Apart from that two way authentication is very useful and strong.
Thanks
Mohd Aktar
I totally agree on this Aktar
Hi, good article Preethi. Nowadays many blogs are getting hacked, and the number is increasing day by day. You have really shared some cool tips to save our blogs from the WordPress brute force attack. The other main thing I want to add here is that we need to back up our blogs regularly so that we can easily restore them when any attack takes place. Thanks for sharing these great tips 🙂
ROFL
Thanks for sharing this info Anusha. This post is really informative. I’m using “Better WP Security” plugin to prevent attacks.
You are welcome Suresh.
How is the Better WP Security plugin ? I’m wanting to try it.
You are so cool! I do not suppose I have read through anything like this before. So wonderful to find somebody with original thoughts on this topic. Really.. thanks for starting this up. This web site is something that’s needed on the web, someone with a bit of originality!
Thank you …. you made my day 😉
If you are going for finest contents like me, only go to see this website every day as it offers quality contents, thanks
Thank you so much 🙂
I have read so many articles or reviews regarding the blogger lovers but this post is really a fastidious paragraph, keep it up.
Thank you so much .. made the image in Powerpoint … so thats the secret 😉
How do you get these custom maps, like a website or what?
M sorry. I did not get what you mean
Hey there! I’ve been following your site for some time now and finally got the bravery to go ahead and give you a shout out from Humble Texas! Just wanted to mention keep up the good work!
Glad that you like my work. And you don’t need any bravery to get to me.. I’m always there for my readers and will keep my ears open for you. 🙂
I am really enjoying the theme/design of your weblog. Do you ever run into any web browser compatibility problems? A number of my blog readers have complained about my blog not operating correctly in Explorer but looks great in Safari. Do you have any suggestions to help fix this problem?
No, I have not faced any such problem so far. However, soon after installing the theme I checked its compatibility with various browsers and OS using browesrshots.com .
Many bloggers also insist on using the Thesis or Genesis themes to avoid this problem.
Which theme do you use?
Since the admin of this site is working, no question very quickly it will be renowned, due to its feature contents.
Thank you so much for the recognition. Hope to make your works reality soon. Fingers crossed X 🙂
Hello There. I found your weblog using msn. This is an extremely well written article. I’ll be sure to bookmark it and return to learn extra of your useful information. Thank you for the post. I’ll certainly return.
Thank you Annis. I suggest you sign up for my newsletter to stay updated of my new articles without missing any.
With having so much written content do you ever run into any issues of plagiarism or copyright infringement?
My blog has a lot of completely unique content I’ve either created myself or outsourced but it appears a lot of it is popping it up all over the internet without my permission. Do you know any methods to help prevent content from being ripped off? I’d truly appreciate it.
I too faced this a lot with my other blog. Really gets on to our nerves. As a precaution I have implemented the DMCA badge in this blog (scroll to the footer to find it). I guess the copyscape premium a/c must help as its features sound impressive. I am yet to get it.
I am really impressed with your writing skills and also with the format to your blog. Is this a paid subject or did you customize it your self? Anyway keep up the excellent quality writing, it’s rare to look a great weblog like this one today..
No it is not a paid one. Paid one would be much better 😉
Thanks !
Thank you for the compliment Fischol 🙂
I’m glad that you found this post useful Pasty. 🙂
I’m sorry I did not understand your question. Please rephrase it.
Thank you free 🙂
I guess the most valid suggestion for aspiring writers would be – Get to work. Start writing and you’ll learn all the hints and tricks with time. Imitating someone’s style of writing can help to start. But it must be kept in mind that imitating can only help to start and get better. One has to put in ones own ideas and style to sustain.
And the blogging platform you choose can matter a lot. I like Blogger and WordPress (.org) personally. I find them easy and handy.
Hope this helped you. I’d love to see your new blog/website soon.
All the best 🙂
Very nice post. I just stumbled upon your blog and wanted to say that I have really enjoyed surfing around your blog posts. In any case I will be subscribing to your rss feed and I hope you write again very soon!
Hey! Someone in my Facebook group shared this website with us so I came to check it out. I’m definitely loving the information. I’m bookmarking and will be tweeting this to my followers!
Wonderful blog and amazing style and design.
I’m glad you like my work Myaf.Kr . You won’t be disappointed 🙂
Hi Preethi,
When I read the comments on my own blog, the same words appear on your blog too, and I realized that most of the comments are spam.
Here is the list of spam WordPress comments.
http://m.gizmodo.com/5925990/the-hugest-most-verbose-and-least-grammatical-cache-of-spam-comments-ever
Search for your comments on Google; you will find some of the same words in comments on other blogs too.
Use CAPTCHA on comment posting section.
To my bad luck, my WordPress blogs had been affected and somehow I recovered and now am out of the danger.
🙂
Am new to wordpress and have been learning some useful stuffs related to it.
This post helped me to learn about the WordPress security and its related plugins.
Sure, will do as you told to protect my WordPress account 🙂
Hi,
I never paid attention to the security of my blog, but it was around 3 months ago when I was just to launch StyZic, I heard of it. It was the first time I did so much for security and since then I have not done anything else. Lot of plugins, tweaks, custom code changes, and some bullshit makes me feel secure.
You’ve mentioned good points but believe me they aren’t enough to secure from hack attack, although a normal brute force will not go long with these tips. Good luck blogging. 😉
Well, recently Brute force Attacks has immensely increased, becoming a dangerous factor for all WordPress users, but it is a thing, which is fight-able, I mean, by using security methods, we can move brute force attacks out of the window. Although, it can be difficult for newbies, who just got started with WordPress, but he/she can learn by reading posts online and then can implement security.
In my view, implementing only three tricks works very well, Changing Login Slug, A content Delivery network (CDN) and a Security Plugin, which bans IP address after a few Login attempts.
Hi,
I’d paid attention to the safety of my site, but it had been about 3 weeks back when I was only to start StyZic, I learned about it. It had been the very first time I did a lot for safety and because then I haven’t done anything. A lot of tweaks, plugins, custom-made code varies, and a few bullshit makes me feel so protected.
You have mentioned great things but believe they are not sufficient to protect from hack strike, even though a typical brute force won’t go along with these suggestions. Fantastic luck blogging