Large-scale attack against the WordPress blogs
Popular blogging platform WordPress has faced with BruteForce massive attack aimed at gaining control over user blogs, and placing in them malicious content and links. According Monitoring of the company Sucuri, currently against the system WordPress running large botnet consisting of at least 90,000 infected computers. The company said that the first attack was discovered last month, but in recent days occurred a burst of BruteForce activity against WordPress.
Irish hosting provider Spiral Hosting Saturday issued a warning to its customers that its customers are at risk of infection by malware, collecting clients for botnets. “At the moment there is a large number of attacks, BruteForce, emanating from the tens of thousands of IP-addresses all over the world,” – says Peter Armstrong from Spiral Hosting.
According to him, the attack type BruteForce provides exhaustive combinations username / password search in the dictionary in order to guess the right combination, and take control of the administrative part of the user’s blog. In Sucuri say that associated with many NOC-centers (Network Operations Centre) major providers around the world and they argued that records the BruteForce-activity in relation to the systems of WordPress.
Independent experts on IT security say that all the owners of blogs based on the WordPress platform, make sure that their software for hosting blogs updated to the latest version. In the latest versions of WordPress is the automatic update does not require any more effort and skills.
Protect against this type of attack is easy enough to put a special plug-in that will protect your site to WordPress from Brute Force attacks, considering especially that the plugins are free.
Perfect Paper Passwords (Multifactor authentication for your WordPress Blog)
Limit Login Attempts (Limit Login Attempts – WordPress plugin to protect against Brute Force Attacks)
WP-Sentinel (WordPress plugin for protection from dangerous HTTP-requests)