Warning! Mass hacking of websites by WordPress

Blog Categories

Basket of services

Company news

Thursday, 24 December 2015: Merry Christmas and Happy New Year!
Monday, 20 April 2015: Accepting payments through payment system Webmoney and Z-Payment restored
Saturday, 18 April 2015: Unavailable accepting payments via Webmoney and Z-Payment
Thursday, 05 March 2015: To order new services are available - DNS hosting and secondary DNS server
Wednesday, 25 February 2015: Added new ways to pay for services

Recent blog posts

Warning! Mass hacking of websites by WordPress

Sunday, 14 April 2013 00:46

Network Security

Currently, there is a massive network hacking, built on the popular blogging engine WordPress. And in this case, do not use any vulnerability break by brute force banal.

What is interesting, the attack is made with ordinary users' computers infected with the virus. That is, in fact, such a computer is assigned to find the password to a particular site and then he starts every 1 - 2 seconds to try to log into the admin panel of the website. And almost always uses the standard login admin, and the password is moved by a special dictionary. I would also like to note that the brute-force comes not from one infected machine. That is, for example 50 attempts to make a selection of zombie computers, go on two, three and so on. Hacked sites in a similar way at the moment, and a huge number of attacks will not cease.

Guard against this is quite simple, we recommend two simple steps:

1. Remove user with the login admin. By default, WordPress does not allow to change the login of the user, but it can be changed either through phpMyAdmin, editing table wp_users field user_login administrator, or by creating another administrator in the admin area to another login, and then authorize under him, to remove a user admin.

2. Close access to the admin panel. This can be done with .htaccess in the folder wp-admin to allow access only to your IP, or further recovery record this folder means webserver. There is a pretty good option - installation of the plugin Lockdown WP Admin, which allows you to change the link to the admin area and further her recovery record.

Following these two simple-minded recommendations you provide your wordpress site on almost impenetrable defense against such attacks, as well as reduce the load on your site, as attempts to brute force password create quite a serious load on the server.

If you will need help - you can always contact our specialists.

Tagged under:

Read: 1470 times