Topic: Wordpress is Under Attack: Protect Your Website Today!


Offline [Not Shown, Login to View]

  • Administrator
  • Level: Mentor
  • ******
  • Posts: 259568
  • Respect: +7989
  • Gender: Male
  • Location: Benin City
  • 18th Chamber
  • My Rank: 80
WordPress is easy. That’s why people like it. It’s quick to set up a simple site. It’s easy to manage large amounts of content. It’s easy to add functionality without having to know how to code php because there is such a large developer community that makes tons of free plugins.

It’s also pretty easy to hack. When things are easy, we are less vigilant and we do stupid things like using obvious passwords (remember what trouble that caused on LinkedIn?) Less obvious is the use of the default “admin” username and the failure to keep the site software updated.

All of these security weaknesses, it turns out, could allow an unidentified group of hackers to use “brute force” attacks on WordPress installations and form a huge “botnet” of infected servers. A report by Dan Goodin in Ars Technica details the threat. Unnamed attackers “are using more than 90,000 IP addresses to brute-force crack administrative credentials of vulnerable WordPress systems, researchers from at least three Web hosting services reported. At least one company warned that the attackers may be in the process of building a “botnet” of infected computers that’s vastly stronger and more destructive than those available today.”

A lot of cyber crimes are perpetrated by hackers that use “worms” to infect individual computers and use them to create “spoof addresses” for various types of fraud as well as to execute DDoS [distributed denial-of-service] attacks. Tying together servers with the large amount of network connections possessed by a popular WordPress site would up the ante by an order of magnitude or two.

If you or your company have sites that use WordPress, there are two things to consider. First is to avoid having your own site hijacked and second is to avoid becoming part of a larger problem. Think childhood immunizations.

Fortunately, there are some simple recommendations that can lower the likelihood of being part of the problem:

Avoid Obvious Passwords: A simple check of the security requirements recommended by WordPress will make brute force attacks much more difficult. As Mike Isaac points out in All Things D, “Hackers go after the low-hanging fruit, which is most often found in the novice Web users who don’t take the time to switch from their default login information.” A secure password is a mix of at least eight upper and lowercase letters, numbers and the kinds of ‘special’ characters used to depict curse-words (^%$#@*)!

Ditch The Admin Username: The attackers are in possession of 90,000 IP addresses from which they are trying to crack the default “admin” accounts on WordPress installations. So if you are still using “admin,” create a new user with admin privileges (you will need to use a different email address than the one attached to the current admin) and give it a strong password as defined above. Then log back in as the new user and delete the old admin account and assign all of the posts in that account to the new user. Five minutes, tops.

Update WordPress: Many hackers exploit holes that have been identified in older versions of WordPress, so keeping your install up to date is another easy way to avoid trouble, though this is not as immediately relevant as the above two action items. WordPress founder Matt Mullenweg advises that if you do these first three “you’ll be ahead of 99% of sites out there and probably never have a problem.”

Install A Security Plugin: Using something like the Better WP Security plugin is probably a good idea in general, it won’t do anywhere as much in this case as the suggestions higher up the list. Mullenweg writes, “Most other advice isn’t great—supposedly this botnet has over 90,000 IP addresses, so an IP limiting or login throttling plugin [like Better WP Security] isn’t going to be great (they could try from a different IP a second for 24 hours).”

Consider A Service Like CloudFlare: The Ars Technica article recommends, “operators can sign up for a free plan from CloudFlare that automatically blocks login attempts that bear the signature of the brute-force attack.” Just remember that, as Mike Isaac points out, CloudFlare itself has been “ringing the alarm bells (while simultaneously pimping the company’s own security services.)” See this post from the CloudFlare blog that raised this issue to the awareness of Goodin and Isaac, and make your own judgement.

A current estimate figures that one in every six sites on the web runs on WordPress. That’s a lot of fodder to make a botnet out of! Don’t let yours be one of the trampled. Make this five-minute fix today.



Leave it for God, don't worry yourself. Leave it for God, don't cry no more.
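
The point quoted above, that per-IP throttling does little against a botnet spread over 90,000 addresses, can be checked against a site's own access log. The following is an added example, not part of the original post: it counts failed `wp-login.php` POSTs per IP and site-wide, and assumes combined log format, a one-hour log slice, stock WordPress status codes, and constructed sample addresses from documentation ranges.

```python
import re
from collections import Counter

# Combined-log-format line; capture client IP and status of wp-login.php POSTs.
LOGIN_POST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "POST /wp-login\.php[^"]*" (\d{3}) ')

def analyse(lines, per_ip_limit=5, site_limit=100):
    """Count failed login POSTs in one log slice (assumed: a single hour)."""
    per_ip = Counter()
    for line in lines:
        m = LOGIN_POST.match(line)
        # Stock WordPress answers a failed login with 200 (form shown again)
        # and a successful one with a 302 redirect.
        if m and m.group(2) == "200":
            per_ip[m.group(1)] += 1
    noisy = sorted(ip for ip, n in per_ip.items() if n > per_ip_limit)
    # Failures from IPs that never trip the per-IP limit: the distributed part.
    quiet_total = sum(n for n in per_ip.values() if n <= per_ip_limit)
    return {
        "failed_posts": sum(per_ip.values()),
        "distinct_ips": len(per_ip),
        "ips_over_limit": noisy,  # all that per-IP throttling would act on
        "distributed_alert": quiet_total > site_limit,
    }

def build_sample_log():
    """Constructed sample: 200 documentation-range IPs, 3 failed logins each."""
    fmt = '{ip} - - [24/May/2017:10:{m:02d}:00 +0000] "{req} HTTP/1.1" {st} 3500 "-" "-"'
    lines = []
    for net in ("198.51.100", "203.0.113"):
        for host in range(1, 101):
            for attempt in range(3):
                lines.append(fmt.format(ip=f"{net}.{host}", m=attempt,
                                        req="POST /wp-login.php", st=200))
    # One ordinary user: a typo, then a successful login, then a page view.
    lines.append(fmt.format(ip="192.0.2.10", m=5, req="POST /wp-login.php", st=200))
    lines.append(fmt.format(ip="192.0.2.10", m=6, req="POST /wp-login.php", st=302))
    lines.append(fmt.format(ip="192.0.2.10", m=7, req="GET /wp-admin/", st=200))
    return lines

if __name__ == "__main__":
    print(analyse(build_sample_log()))
```

On the constructed sample no single address exceeds the per-IP limit, yet the site-wide count of failed logins is far above normal, which is the signal worth alerting on.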

Offline [Not Shown, Login to View]

  • Level 3 (Regular)
  • ***
  • Posts: 311
  • Respect: +67
  • Gender: Female
  • Location: Abuja
  • My Soul Praise the Lord
  • My Rank: 106
Thank you sir for this info. May God not allow anything happen to our own sites. I will try and do this soon.

I was still using 'admin'. I'll change it right away then try to install the plugin. I hope the other service is free, CloudFlare.

Thank you sir.
Forward ever, the best is yet to come.

Offline [Not Shown, Login to View]

  • Administrator
  • Level: Mentor
  • ******
  • Posts: 259568
  • Respect: +7989
  • Gender: Male
  • Location: Benin City
  • 18th Chamber
  • My Rank: 80
Yes, CloudFlare is free and very good but you need to configure it. With CloudFlare you don't even need the security plugin. We use it on many of our sites.
Leave it for God, don't worry yourself. Leave it for God, don't cry no more.

Offline [Not Shown, Login to View]

  • Level 3 (Regular)
  • ***
  • Posts: 311
  • Respect: +67
  • Gender: Female
  • Location: Abuja
  • My Soul Praise the Lord
  • My Rank: 106
Okay thank you sir.
Forward ever, the best is yet to come.

 
