Understanding the Real Threat of the Largest WordPress Attack in History and Combating It

By admin on April 19, 2013

An unusually powerful online attack, using more than 90,000 IP addresses, is currently under way against WordPress blogs with weak admin credentials. Targeted at vulnerable WordPress users who still use the default “admin” username, this brute-force, dictionary-based password-guessing attack is trying thousands of passwords to crack their administrative credentials.

Now, password-guessing attacks of this sort happen all the time, right? What’s all the fuss about? Analysts are speculating that this attempt is just a warm-up for a much wider and larger attack that is to come. How? The avalanche effect.

Sites that are broken into (and thousands have been) will be seeded with a backdoor that lets the attackers control the site remotely. These sites will then be used just like the 90,000 IP addresses mentioned above: conscripted into the attacking botnet and forced to launch password-guessing attacks against other sites running WordPress.

So the attacker, who as of now seems to be using a weak botnet of home PCs connected to the Internet over a mere 10 megabit or 20 megabit line, will soon have a much larger botnet of huge servers with essentially unlimited Internet bandwidth and large network connections. Such a botnet would be capable of generating traffic on an unprecedented scale that might affect the entire Internet infrastructure and slow it down on a global level. Scary, right?

If you haven’t locked down your website properly, now is the time to act, because chances are it could be hijacked by cybercriminals for their own purposes without you even knowing.

Maintain strong passwords: Let’s kick off the list with the easiest step, one you can implement immediately. Use strong passwords that include upper- and lower-case letters, numbers and symbols.

Rename the administrative account: Create a new user with administrator rights and delete “admin”, the default administrator of WordPress-powered sites.

Install a login limiter for WordPress: A login limiter blocks an IP address that sends failed login requests above a threshold rate. For example, three consecutive failed login attempts can be met with a penalty timeout of 1 hour and an e-mail notification to the website owner. Two WordPress plugins which let you enforce a login limiter are Limit Login Attempts and Better WP Security.

Enable two-factor authentication: Two Step Authentication for WordPress.com accounts was released just a week back and we strongly recommend that you deploy it.

Keep up to date with the latest version of WordPress: The WordPress team releases patches at frequent intervals to fix security holes. Keep tabs on them, and also on new versions of plugins and themes.
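To make the login-limiter step concrete, here is the rule it describes (three consecutive failures, a one-hour lockout, a notice to the owner) replayed over a handful of login events. This is an added illustration, not code from either plugin named above; the class, the function names and the sample events are constructed for the example.

```python
from dataclasses import dataclass, field

MAX_FAILURES = 3        # consecutive failures before lockout (figure from the article)
LOCKOUT_SECONDS = 3600  # one-hour penalty timeout (figure from the article)

@dataclass
class LoginLimiter:
    failures: dict = field(default_factory=dict)        # ip -> consecutive failures
    locked_until: dict = field(default_factory=dict)    # ip -> time the lockout ends
    notifications: list = field(default_factory=list)   # stand-in for owner e-mail

    def is_locked(self, ip, now):
        until = self.locked_until.get(ip)
        if until is None:
            return False
        if now >= until:
            # Penalty served: clear state so counting starts afresh.
            del self.locked_until[ip]
            self.failures.pop(ip, None)
            return False
        return True

    def attempt(self, ip, password_ok, now):
        """Classify one login request as 'blocked', 'ok' or 'failed'."""
        if self.is_locked(ip, now):
            return "blocked"  # refused before the password is even checked
        if password_ok:
            self.failures.pop(ip, None)  # success resets the consecutive count
            return "ok"
        count = self.failures.get(ip, 0) + 1
        self.failures[ip] = count
        if count >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            self.notifications.append(f"{ip} locked out after {count} failed logins")
        return "failed"

# Constructed sample events: (time in seconds, source IP, password correct?)
SAMPLE_EVENTS = [
    (0, "203.0.113.7", False),
    (1, "203.0.113.7", False),
    (2, "198.51.100.4", False),   # owner mistypes once...
    (3, "198.51.100.4", True),    # ...then logs in; counter resets
    (4, "203.0.113.7", False),    # third consecutive failure triggers lockout
    (5, "203.0.113.7", True),     # a correct guess during lockout is still refused
    (3605, "203.0.113.7", True),  # accepted once the hour has passed
]

def replay(events):
    limiter = LoginLimiter()
    return [limiter.attempt(ip, ok, t) for t, ip, ok in events], limiter
```

Because the attack described here is spread over more than 90,000 addresses, a per-IP limiter only slows each source, which is why the other steps in this list still matter.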

If you implement these five basic and essential steps, you’ll be just fine. However, if you want a properly secured WordPress website which virtually no one can break into, you might want to go through this detailed guide on WordPress Security: The Problem, The Solution, And Remedies.
