Dear Customers,
Over the past few weeks, our system administrators have detected an unusually high amount of traffic towards WordPress login pages such as http://www.yoursite.com/wp-admin.
They have analyzed the traffic and found that it is caused by a massive global brute-force attack against WordPress sites.
Unlike hacks that focus on vulnerabilities in software, brute-force attacks are aimed at gaining access to a site in the simplest possible way – by trying random usernames and passwords multiple times in a row, until the site is broken into. This makes passwords like ‘123456’ and usernames like ‘admin’ most vulnerable to brute-force attacks.
The traffic-consuming nature of these attacks may lead to the excessive use of your server’s memory and may cause serious performance problems for your sites and applications. This is because the number of HTTP requests (i.e. the number of times someone visits your site) is so high that the server runs out of memory.
This sort of attack is not unique to WordPress. However, the application’s popularity makes it a frequent target for brute-force attackers.
Here are a few very simple tricks to protect your WordPress site:

# Block access to wp-admin.
order deny,allow
allow from x.x.x.x
deny from all

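# Restrict wp-login.php to x.x.x.x. With "Order deny,allow" the Allow line
# is evaluated last, so x.x.x.x is let through and everyone else is denied.
<Files wp-login.php>
Order deny,allow
Deny from all
Allow from x.x.x.x
</Files>
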
User-agent: *
Disallow: /wp-admin
Disallow: /wp-login.php
Disallow: /administrator

Kind Regards,
Web Hosting team