WordPress Sites Under Attack

imagesThere is currently a very large, ongoing attack against WordPress websites.  It’s been going on for a while now, but has severely escalated in the last week.

Basically there are illegal “bots” (or computers) that are attempting to brute force attack WordPress websites.  What this means is they have a computer setup to attempt to login to WordPress sites.  Brute force just means that it will sit there and keep trying usernames and passwords, hundreds per minute until it figures out how to get in.

If you use a very easy password, this won’t take long – if you have a complex password it may take them a long time, or be nearly impossible.   If you missed my recent blog about password security check it out.

If you have a WordPress site, what can you do?  There’s a free plugin called “Limit Login Attempts” which will track failed login attempts and if there are a certain number of failed login attempts (4 or 5) in a short period of time, it will block the IP address for 24 hours.  You’ll also  want to make sure that you’re as up to date as possible, including your WordPress core and plugins.  You also want to be sure you’re doing regular backups of your site.  I recommend Backup Buddy plugin for that.

If you’re an active client of mine, then I’ve already taken care of that.  If you’ve got a WordPress site and you’d like some help hardening up the security, please let me know – that is a service I can most certainly provide.  Please feel free to contact me if you need assistance.

Why are WordPress sites under attack? It’s a “free” blog/content management platform, does this mean it’s insecure?  Absolutely not, I’ve gone through a lot of WordPress training in the last few months, it’s a VERY secure system.  But it’s also VERY common.  Over 80 million websites.  1 in 5 new websites are using it.  So if you’re going to hack something, and it’s a gamble about who you might be able to hack, you might as well go for what’s most common, to gain the most results.  And that’s why they target popular software.

heartClient Feedback

This morning you saved my message boards, some hacker had gotten in and you caught it and fixed it within minutes! … I can not thank you enough Josh, you’re the greatest… - Leo Laporte (Nationwide Radio and Television Journalist)
In the course of working with many developers over a 6 year period, I’ve yet to find anyone that gives you ANYWARE NEAR what Josh gives you for the money. His excellent coding skills and well thought out implementation always saves me money in the end.- Dean Rice
I would like to THANK Josh for all of his hard work on my site, he has completed several mods for me and they work great, his prices are fair and he responds very quickly.- Gill Blue
Josh has done a great job, is always on time, is a pleasure to work with, and has a talent to put into words exactly what he is going to do so there are no errors or misunderstandings.- Alex D.
He goes beyond the call of duty to help get things squared away and I have always appreciated that, his prices are very reasonable and you will get more than you expect for it.- Eric
When I get SUPER SERVICE as I have received from Josh it is worthy of a response. First, besides the fact that this gentleman (Josh) is a true magician at what he does, he is very understanding and appreciates how business should be run.- Ivan Richmond
©2002-2012 JoshuaPettit.com | All Rights Reserved - SiteGround