edited-----
#attack #bruteforce #reminder #site
  • Warrior X
    My host recommended using hard-to-break passwords (if you aren't already), not using 'admin' as your login, and activating Cloudflare.

    Here's a good article on the attack:
    Mass WordPress Attacks Spread, Brute-Forcing Admin Passwords
  • exoduspress
    Cool tip: create an admin user account with an insane password and set it as subscriber level. It's a great way to keep em busy ;-)

    One problem with WP is that if you don't have the admin account, then they start trying to find out what your actual UN is.
    • MovingAround
      edited------
      • exoduspress
        Originally Posted by MovingAround

        LOL good tip! Only problem is that we don't want to keep them busy if it is a bruteforce attack of this magnitude, as so many password recalls take a huge amount of server resources.

        It's a good tip for the amateurish attacks though

        Glad you liked it. :-)

        I'm not sure how big of a site this is, but why not block all traffic to the wp-admin directory via .htaccess until they stop?

        Throw a caching plugin on the front end in case they decide to move onto the front-end.

        Just tossing out some ideas to help
        • iamClueless
          I'm looking at the names bruteforcers are using in attempts to log into my own WP sites. If you avoid the following as your login name, you should be fine:
          admin = BIGGEST ONE
          admin 1
          user
          test
          support
          aaa
          administrator
          sysadmin
          manager
          qwerty
          root
          Your Posting Name: If you make posts under the name Joe Doe, make sure your WP admin login isn't Joe Doe.
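
An added example, not part of the thread or any poster's code: a Python check of a site's accounts against the login names listed in the post above, the posting-name rule from the same post, and the subscriber-level decoy tip from earlier in the thread. The `Account` fields, the `audit` helper and the sample accounts are constructed for illustration.

```python
"""Audit WordPress accounts against the login names listed in the thread."""
import re
from dataclasses import dataclass

# Login names the post above reports seeing in brute-force attempts.
COMMONLY_TRIED = {"admin", "admin 1", "user", "test", "support", "aaa",
                  "administrator", "sysadmin", "manager", "qwerty", "root"}


def normalize(name):
    """Case-fold and drop spaces, dots, dashes and underscores,
    so 'Joe Doe', 'joe.doe' and 'JOE_DOE' compare equal."""
    return re.sub(r"[\s._-]+", "", name.casefold())


TRIED_NORMALIZED = {normalize(n) for n in COMMONLY_TRIED}


@dataclass
class Account:  # hypothetical record: login, public posting name, WP role slug
    login: str
    display_name: str
    role: str


def audit(accounts):
    """Return {login: [reasons]} for accounts whose login is easy to guess."""
    findings = {}
    for acct in accounts:
        reasons = []
        key = normalize(acct.login)
        # A listed name at subscriber level is the decoy described in the thread.
        if key in TRIED_NORMALIZED and acct.role != "subscriber":
            reasons.append("login is on the commonly tried list")
        if key == normalize(acct.display_name):
            reasons.append("login matches the public posting name")
        if reasons:
            findings[acct.login] = reasons
    return findings


# Constructed sample accounts, not taken from any real site.
SAMPLE = [
    Account("admin", "Site Admin", "subscriber"),          # decoy account
    Account("Admin1", "Editor in Chief", "administrator"),
    Account("joe.doe", "Joe Doe", "administrator"),
    Account("k7-ops-wren", "Joe D.", "administrator"),
]

if __name__ == "__main__":
    for login, reasons in audit(SAMPLE).items():
        print(f"{login}: {'; '.join(reasons)}")
```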
        • MovingAround
          edited------