Attack on WordPress Sites, Globally

There is an on-going, highly distributed, worldwide attack on WordPress installations to crack open admin accounts and inject various malicious scripts. This attack is known to be using forged or spoofed IP addresses.

There are early indications that the attackers are installing malicious scripts on servers hosting WordPress sites compromised in the attack, and that those servers are in turn being used to attack other websites.

“These [servers] can cause much more damage in DDoS [distributed denial-of-service] attacks because the servers have large network connections and are capable of generating significant amounts of traffic,” states Matthew Prince, the chief executive of web hosting company CloudFlare.

To ensure that your websites are safeguarded from this attack, we recommend the following steps –

Step 1

Make sure you are running the latest version of WordPress and all the plugins and themes installed in your WordPress instance are updated to the latest available version.

Step 2

Secure your WordPress login page. To do this you can simply log into your cPanel/Plesk panel, use the Password Protect Directory option and secure the wp-admin folder of your WordPress installation with a strong password. Make sure you use a complex password, preferably generated via a random password generator, so that it cannot easily be recovered by a brute-force attack.

Other ways of hardening a WordPress installation are described at http://codex.wordpress.org/Hardening_WordPress

A few additional steps can also be taken to further secure your WordPress website –

  • Revoke the DROP privilege for the DB_USER configured in wp-config.php; it is not normally needed for any purpose in a WordPress setup
  • Remove the README and license files (important), since they expose version information
  • Move wp-config.php one directory level up and change its permissions to 400
  • Prevent world reading of the .htaccess file
  • Restrict access to wp-admin to specific IPs only
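To make Step 2 and the Apache-side items in the list above concrete, here is a small POSIX shell function, added as an example and not taken from the original post or from BigRock. It assumes Apache 2.4 `Require` syntax, a bcrypt `.htpasswd` already created with `htpasswd -B` outside the document root, and PHP running as the file owner (suPHP/php-fpm) so that a `wp-config.php` with mode 400 is still readable by WordPress.

```shell
#!/bin/sh
# Added example, not from the original post: apply the Apache-side hardening
# steps above to a WordPress docroot.  Assumptions: Apache 2.4 "Require"
# syntax, a bcrypt .htpasswd already created with `htpasswd -B` outside the
# docroot, and PHP running as the file owner (suPHP/php-fpm) so that a
# wp-config.php with mode 400 is still readable by WordPress.

# usage: harden_wp <docroot> <htpasswd-file> <allowed-ip-or-cidr>...
harden_wp() {
    docroot="$1"; htpasswd="$2"; shift 2
    [ -d "$docroot/wp-admin" ] || { echo "no wp-admin under $docroot" >&2; return 1; }
    [ "$#" -gt 0 ] || { echo "at least one allowed IP is required" >&2; return 1; }

    # Step 2 plus "restrict wp-admin to specific IPs": a request must carry a
    # valid password AND come from an allowed address.  admin-ajax.php is
    # exempted because front-end plugins call it for anonymous visitors.
    {
        printf 'AuthType Basic\nAuthName "Restricted"\nAuthUserFile %s\n' "$htpasswd"
        printf '<RequireAll>\n    Require valid-user\n    <RequireAny>\n'
        for ip in "$@"; do printf '        Require ip %s\n' "$ip"; done
        printf '    </RequireAny>\n</RequireAll>\n'
        printf '<Files admin-ajax.php>\n    Require all granted\n</Files>\n'
    } > "$docroot/wp-admin/.htaccess"

    # "Prevent world reading of the .htaccess file" over HTTP, and remove the
    # files that leak the installed WordPress version.
    cat >> "$docroot/.htaccess" <<'EOF'
<FilesMatch "^(\.htaccess|\.htpasswd)$">
    Require all denied
</FilesMatch>
EOF
    rm -f "$docroot/readme.html" "$docroot/license.txt"

    # Move wp-config.php one level up (WordPress looks there automatically when
    # the file is absent from the docroot) and make it owner-read-only.
    parent=$(dirname "$docroot")
    if [ -f "$docroot/wp-config.php" ]; then
        mv "$docroot/wp-config.php" "$parent/wp-config.php"
    fi
    chmod 400 "$parent/wp-config.php"
}
```

The DROP privilege from the first bullet is revoked in MySQL rather than in Apache, so it is not covered by this function.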

You can check out http://wordpress.org/extend/plugins/better-wp-security/ for more WordPress security plugins.

We would also recommend opting for CloudFlare, which may further help you in protecting your WordPress site.

We’ll continue to monitor the details of the attack and publish details about what we learn.


10 Responses to Attack on WordPress Sites, Globally

  1. Sandeep Chaudhary April 15, 2013 at 2:34 PM #

    Thank you for sharing this information. But I’m new to WordPress and do not know much about the above steps for protecting myself from attacks. Are new blogs also under attack?

  2. Amreen April 15, 2013 at 3:29 PM #

    Yes, all WordPress installations are being targeted.
    The security steps are fairly simple. Once you figure out which one you want to install, you’ll get step-by-step instructions on how to go about doing it.
    Let us know if we can help you out with anything else.

  3. Sandeep Chaudhary April 15, 2013 at 4:40 PM #

    Thank you Amreen. I would like to know: I’m using WordPress 3.5, so do I need to upgrade to the latest WordPress version?

    Also tell me one more thing, dear: what will happen if I upgrade the WordPress version without taking a backup? I mean, is a backup just recommended, or is it necessary?

  4. Lorenzo May 6, 2013 at 3:59 AM #

    I’ve read that Cloudflare can detect the brute-force attacks on the WP-admin and minimize them.

    I currently use a password manager called 1Password to generate strong passwords. I’m also using Limit Login Attempts.

  5. Rimmy Roshan May 28, 2013 at 1:08 PM #

    Yes, keeping a website secure is a must, and prevention is better than cure. I optimized my website for CloudFlare, which stops many attacks. Thanks to BigRock for once again reminding us about this attack on WordPress sites.

  6. Himanshu Negi May 28, 2013 at 10:57 PM #

    Limit Login Attempts is a good WordPress plugin to minimize/stop brute-force attacks. Also change the administrator username (i.e. admin) to something else, like Me&2013 or something like that, complex.

    I hope that if anyone is unlucky enough to face an attack or get screwed, then BigRock will help him/her with backups and suggestions, because it’s impossible to make any system 100% secure.

    BigRock Rocks Big 🙂

  7. Pankaj Verma May 29, 2013 at 12:59 AM #

    Thanks BigRock, it’s really a nice article. It suddenly dropped into my inbox and I read all the instructions. Thanks again for this information.

  8. harshaaliaschinna May 29, 2013 at 10:59 AM #

    Thanks for this information. I had already read about this global attack on WordPress. Now I am increasing my security for WordPress. Thank you for informing us.

  9. Tyson May 30, 2013 at 5:10 PM #

    Yes, I’m also facing this problem currently… and using “OSE Firewall”, and it’s really doing a great job.

    Here are the plugins I use to protect my WordPress:

    Bulletproof Security
    OSE Firewall

  10. Amreen June 4, 2013 at 11:38 AM #

    Thanks for your inputs, Tyson 🙂
