11 {{ upvoteCount | shortNum }}
11 {{ upvoteCount | shortNum }}

Wordpress Authentication - Has Anyone Seen This Before?

by Mike Hlatky
8 replies
Has anyone seen this before?

#authentication #wordpress
  • Profile picture of the author Melkur
    Mike,

    Might it be something to do with the recent attacks on Wordpress sites?

    http://www.warriorforum.com/main-int...-heads-up.html
    {{ DiscussionBoard.errors[7977595].message }}
  • Profile picture of the author David Keith
    yes, wordpress is under a serious brute force admin login attack.

    Many hosts are scrambling to do what they can to limit damage, but at this stage everyone is just being very reactive...no one has a good solid fix.

    I have info from a major hosting company that they are considering shutting down all WP installs with the username "admin" since the brute force attack is currently focused mostly on WP installs with username "admin" and about 10 very common passwords.

    This would help them to keep other sites up much more often and to secure their servers better from these attacks. Other WP installs with better passwords will still face the brute force login attempts, but no additional servers will be compromised unless/until the attackers change their game a bit.
    Signature
    Just a Little War Room Gift.
    {{ DiscussionBoard.errors[7977616].message }}
  • Profile picture of the author GarrieWilson
    I wonder if this is why all my WP blogs give a 406 error in IE....
    Signature
    Screw You, NameCheap!
    $1 Off NameSilo Domain Coupons:
    SAVEABUCKDOMAINS & DOLLARDOMAINSAVINGS
    {{ DiscussionBoard.errors[7977628].message }}
  • Profile picture of the author MartinPlatt
    That looks dodgy, like it's been hacked. Either that, or a programmer has left something in that they should have removed.

    Normally a system will tell you the username or password are incorrect, but not show you what they are...
    Signature

    Martin Platt
    martin-platt.com

    Stuck with earning commissions online? Get this get this uncensored affiliate marketing guide for free (sold as coaching for $4,997)

    {{ DiscussionBoard.errors[7978142].message }}
    • Profile picture of the author Melkur
      As the prompt says, it seems to be a CAPTCHA generated on the fly to prevent access to wp-login unless you can provide the username and password - which are generated at random, hence the need for them to appear in the prompt. I guess the idea is to thwart bots aiming to brute force their way past the standard Wordpress login prompt.

      The script to generate this is posted on another forum - I'm not sure about posting a link to it, but Googling for "WordPress attack protection CAPTCHA" should get you there.
      {{ DiscussionBoard.errors[7978369].message }}
  • Profile picture of the author rosetrees
    Obviously we don't know who your host is. A few days ago someone forwarded me an email that they had received from a club they are a member of. The club's web host have introduced something very like you show above. The members now have to enter a username and password (supplied in the email) to access the site.

    Actually, re-reading your original image, it does say "wordpress attack protection"
    {{ DiscussionBoard.errors[7978391].message }}
  • Profile picture of the author Paul Barrs
    I just saw this for the first time to day; on a client's site....

    Thing is, I didn't install it, and they didn't install it - and when I look around on the inside, there is no "plugin" for it.

    Still investigating.

    P.
    Signature
    **********
    It's Simple... I don't "sell" IM anymore, but still do lots of YouTube Videos
    **********
    {{ DiscussionBoard.errors[8121517].message }}
  • Profile picture of the author VivekThakur
    No, this is new to me . Its look like captcha protection for security reason.
    Signature

    Enjoy Life.

    {{ DiscussionBoard.errors[8121572].message }}

Trending Topics