Attack on WordPress Sites, Globally

There is an on-going, highly distributed, worldwide attack on WordPress installations to crack open admin accounts and inject various malicious scripts. This attack is known to be using forged or spoofed IP addresses.

There are early indications that hackers are installing malicious scripts on servers hosting WordPress sites that have been compromised in the attack that, in turn, are being used to hack other websites.

“These [servers] can cause much more damage in DDoS [distributed denial-of-service] attacks because the servers have large network connections and are capable of generating significant amounts of traffic,” states Matthew Prince, the chief executive of web hosting company CloudFlare.

To ensure that your websites are safeguarded from this attack, we recommend the following steps –

Step 1

Make sure you are running the latest version of WordPress and all the plugins and themes installed in your WordPress instance are updated to the latest available version.

Step 2

Secure your WordPress Login page. To do this you can simply log into your CPanel/Plesk Panel and use the Password Protect Directory option and secure the wp-admin folder of your WordPress installation using a secure password. You need to make sure that you use complex password, preferably generated via a Random Password Generator so that your password is not easily uncovered under brute-force attack.

Other ways of Hardening a WordPress installation are shared at http://codex.wordpress.org/Hardening_WordPress

Few additional steps too can be taken to further secure your WordPress website –

  • Disable DROP command for the DB_USER .This is never commonly needed for any purpose in a WordPress setup
  • Remove README and license files (important) since this exposes version information
  • Move wp-config.php to one directory level up, and change its permission to 400
  • Prevent world reading of the htaccess file
  • Restrict access to wp-admin only to specific IPs

You can check out http://wordpress.org/extend/plugins/better-wp-security/ for more WordPress security Plug-ins.

We would also recommend opting for CloudFlare which may further help you protecting your WordPress account.

We’ll continue to monitor the details of the attack and publish details about what we learn.

, , , , ,

10 Responses to Attack on WordPress Sites, Globally