Apr 28, 2013 /prREACH/ -- Security Measures Protect Against Hacks Attempted on 1,000s of WordPress Sites
WordPress, the popular web management tool used by Mashable, The New York Times, CNN and Forbes, has come under large-scale attack by hackers. WordPress creator Matt Mullenweg recommends that users change usernames, have the newest version of WordPress installed, and use a strong password that includes an uppercase letter, a special character and a number.
Expert WordPress programmer Jonathan Green has released a plugin called WP Brute Force to protect users from large-scale attacks like these. The newly developed plugin prevents sites from being hacked by hiding the users’ WordPress installation from attackers. This user-friendly solution maintains the website and its visibility to users and search engines, but keeps the site off the hackers’ radar. Green urges, “Whether you invest in WP Brute Force or not, I urge you to seek out the most robust security measures you can, to avoid this hack happening to you.”
When protecting your site, it is important to understand that a plugin blocking multiple login attempts from the same IP will not help with this kind of attack. Each login attempt from these brute force attacks is made from a completely different IP address.
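The limitation described above, as an added example (not part of the original release and not the WP Brute Force plugin's code): on constructed failed-login data where every attempt comes from a new address, a per-IP lockout counter flags nothing, while counting failures per targeted account flags the attack. The event format, thresholds, time window and all addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed sliding window for both counters


def build_sample_events():
    """Constructed data: 200 failed 'admin' logins, each from a different IP,
    plus two mistyped passwords by a real user from one address."""
    start = datetime(2013, 4, 28, 12, 0, 0)
    events = [(start + timedelta(seconds=i), f"10.0.{i}.7", "admin")
              for i in range(200)]
    events += [(start + timedelta(seconds=30), "192.0.2.10", "editor"),
               (start + timedelta(seconds=45), "192.0.2.10", "editor")]
    return sorted(events)


def sliding_counts(events, key_index, threshold):
    """Return every key (IP or username) whose failed logins reach
    `threshold` inside WINDOW. `events` must be sorted by timestamp."""
    recent = defaultdict(deque)
    flagged = set()
    for event in events:
        ts, key = event[0], event[key_index]
        queue = recent[key]
        queue.append(ts)
        while ts - queue[0] > WINDOW:  # drop failures older than the window
            queue.popleft()
        if len(queue) >= threshold:
            flagged.add(key)
    return flagged


def per_ip_lockouts(events, threshold=5):
    """What a 'block repeated attempts from the same IP' control would catch."""
    return sliding_counts(events, 1, threshold)


def per_account_alerts(events, threshold=20):
    """Failures counted per targeted username, regardless of source IP."""
    return sliding_counts(events, 2, threshold)


def distinct_sources(events, username):
    """Number of different source addresses seen failing against one account."""
    return len({ip for _, ip, user in events if user == username})


if __name__ == "__main__":
    sample = build_sample_events()
    print("per-IP lockouts:   ", per_ip_lockouts(sample))
    print("per-account alerts:", per_account_alerts(sample))
    print("sources vs admin:  ", distinct_sources(sample, "admin"))
```

An account flagged this way with a high distinct-source count is the signature of a distributed attempt; locking the account itself would let an attacker deny the owner access, so the alert is better used to trigger a challenge or notification.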
The United States Computer Emergency Readiness Team (US-CERT) has declared that all hosting providers with WordPress as their content management system are potential targets for this hacker or hacker group. According to US-CERT, "The hackers use a large botnet on almost 90,000 servers to try and attempt to gain access to a WordPress site. These brute force attacking methods are used to find WordPress administrators with weak passwords and 'admin' as their account name to the amount of 1,000s of login attempts."
CloudFlare, a content delivery network, has reported blocking 60 million requests against WordPress customers in just one hour. Its CEO, Matthew Prince, stated that he has never seen a brute force attack on WordPress sites come close to the volume of attacks they are seeing now. By his calculations, the hackers have the ability to try as many as 2 billion passwords in one hour.
CloudFlare and HostGator have also confirmed attacks. "...There is an on-going and highly-distributed, well organized, global attack on WordPress installations across virtually every web host in existence," HostGator said. Hosting providers recommend that anyone with a WordPress site immediately update their password to make sure it meets the requirements on the WordPress website.