Understanding the Real Threat of the Largest WordPress Attack in History and Combating It

By admin on April 19, 2013

An unusually powerful online attack, using more than 90,000 IP addresses, is currently under way against WordPress blogs with weak admin credentials. Aimed at WordPress users who still use the default “admin” username, this dictionary-based brute-force attack tries thousands of passwords to crack their administrative credentials.

Password-guessing attacks of this sort happen all the time, right? So what’s all the fuss about? Analysts speculate that this attempt is just a warm-up for a much wider and larger attack to come. How? The avalanche effect.

Sites that are broken into (and thousands have been) will be seeded with a backdoor that gives the attackers remote control of the site. These sites will then be used just like the 90,000 IP addresses mentioned above: conscripted into the attacking botnet and forced to launch password-guessing attacks against other sites running WordPress.

So the attacker, who for now seems to be using a relatively weak botnet of home PCs connected to the Internet over mere 10 or 20 megabit lines, will soon have a much larger botnet of powerful servers with large network connections and essentially unlimited bandwidth. Such a botnet could generate traffic on an unprecedented scale, which might affect the entire Internet infrastructure and slow it down on a global level. Scary, right?

If you haven’t locked down your website properly, now is the time to spring into action, because chances are it could be hijacked by cybercriminals for their own purposes without you even knowing.

Maintain strong passwords: Let’s kick off the list with the easiest step, one you can implement immediately. Use strong passwords that include upper- and lower-case letters, numbers and symbols.

Rename the administrative account: Create a new user with administrator rights and delete “admin”, the default administrator account of WordPress-powered sites.

Install a login limiter for WordPress: A login limiter blocks an IP address that sends failed login requests above a threshold rate. For example, three consecutive failed login attempts can trigger a penalty timeout of 1 hour and an e-mail notification to the website owner. Two WordPress plugins that let you enforce a login limit are Limit Login Attempts and Better WP Security.

Enable two-factor authentication: Two Step Authentication for WordPress.com accounts was released just a week ago, and we strongly recommend that you deploy it.

Keep up to date with the latest version of WordPress: The WordPress team releases patches at frequent intervals to fix security holes. Keep tabs on them, and on new versions of your plugins and themes.

If you implement these five basic and essential steps, you’ll be just fine. However, if you want a properly secured WordPress website which virtually no one can break into, you might want to go through this detailed guide on WordPress Security: The Problem, The Solution, And Remedies.
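The login-limiter policy from the step above (three consecutive failures, a one-hour lockout, a notice to the site owner), modelled as an added example; this is not code from Limit Login Attempts, Better WP Security or the original article. The class and function names, the in-memory storage and the sample events are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MAX_FAILURES = 3        # consecutive failures allowed per IP (the article's example)
LOCKOUT_SECONDS = 3600  # penalty timeout of 1 hour (the article's example)

@dataclass
class LoginLimiter:
    failures: dict = field(default_factory=dict)       # ip -> consecutive failures
    locked_until: dict = field(default_factory=dict)   # ip -> time the lockout ends
    notifications: list = field(default_factory=list)  # stand-in for owner e-mails

    def is_locked(self, ip, now):
        return now < self.locked_until.get(ip, 0)

    def attempt(self, ip, password_ok, now):
        """Handle one login request; return 'locked', 'ok' or 'failed'."""
        if self.is_locked(ip, now):
            # Refuse before credentials are considered: a locked-out address
            # gets no further guesses, not even a correct one.
            return "locked"
        if password_ok:
            self.failures.pop(ip, None)  # a success resets the streak
            return "ok"
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] >= MAX_FAILURES:
            del self.failures[ip]
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            self.notifications.append(f"{ip} locked out until t={self.locked_until[ip]}")
        return "failed"

def replay(events):
    """Feed (time, ip, password_ok) events through a fresh limiter."""
    limiter = LoginLimiter()
    return [limiter.attempt(ip, ok, t) for t, ip, ok in events], limiter

# Constructed sample traffic: documentation-range IPs, times in seconds.
SAMPLE_EVENTS = [
    (0, "203.0.113.7", False),
    (5, "203.0.113.7", False),
    (9, "203.0.113.7", False),    # third consecutive failure: lockout starts
    (12, "203.0.113.7", True),    # still inside the hour, so refused
    (20, "198.51.100.4", False),  # owner mistypes once...
    (25, "198.51.100.4", True),   # ...then logs in; streak resets
    (3700, "203.0.113.7", True),  # lockout ended at t=3609
]

if __name__ == "__main__":
    for event, result in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)[0]):
        print(event, "->", result)
```

A per-IP limit counts each address separately, so against guessing spread over many addresses it slows the attack rather than stopping it; the other four steps still apply.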
