Wordpress Brute Force Attempts: Multiple Servers
Posted by WSSSupport on April 10, 2013 :: 1:07 pm in Uncategorized
Over the last 24 hours, we have noticed a widespread pattern of brute force attempts to gain entry into Wordpress blogs on our servers. Due to the design of Wordpress, by default there is no method to prevent a user from creating thousands of requests in an attempt to gain access. At this time, there has been no evidence of any blogs actually being compromised, but the load caused by all of these failed logins is causing heavy, intermittent load on affected servers.
To combat this, we have been setting the permissions of the wp-login.php file (the target in every attack we have seen so far) to 000 on sites we see to be impacted, which stops the attack while still keeping the blog online. However, this does prevent logging into the Wordpress Dashboard until the permissions are restored.
If your site has been affected, you can either reset the permissions of the wp-login.php file to 644 yourself, or contact support through any of the normal channels and we will gladly reset them for you. In addition, we would strongly recommend that everyone utilizing a Wordpress blog make sure that their administration login for the Wordpress dashboard is something other than ‘admin’ (as this is the user name used in most reported brute force attacks), and install some kind of limiter to login attempts to seal off the weakness to brute-force password guessing. One such plugin can be found here: http://wordpress.org/extend/plugins/limit-login-attempts/
UPDATE: This attack was not specifically to our servers; it appears that all web hosts have been suffering the same issues. The official warning from US-CERT post can be found here, while further reading from a number of news outlets can be found through a Google search.
Write a Comment on Wordpress Brute Force Attempts: Multiple Servers
Comments on Wordpress Brute Force Attempts: Multiple Servers are now closed.