Wide-scale Attack Against WordPress blogging platform

Posted: April 14, 2013 in IT Security News
Tags: , , ,

Wordpress VulnerabilityLarge-scale attack against the WordPress blogs

Popular blogging platform WordPress has faced with BruteForce massive attack aimed at gaining control over user blogs, and placing in them malicious content and links. According Monitoring of the company Sucuri, currently against the system WordPress running large botnet consisting of at least 90,000 infected computers. The company said that the first attack was discovered last month, but in recent days occurred a burst of BruteForce activity against WordPress.

Irish hosting provider Spiral Hosting Saturday issued a warning to its customers that its customers are at risk of infection by malware, collecting clients for botnets. “At the moment there is a large number of attacks, BruteForce, emanating from the tens of thousands of IP-addresses all over the world,” – says Peter Armstrong from Spiral Hosting.

According to him, the attack type BruteForce provides exhaustive combinations username / password search in the dictionary in order to guess the right combination, and take control of the administrative part of the user’s blog. In Sucuri say that associated with many NOC-centers (Network Operations Centre) major providers around the world and they argued that records the BruteForce-activity in relation to the systems of WordPress.

Independent experts on IT security say that all the owners of blogs based on the WordPress platform, make sure that their software for hosting blogs updated to the latest version. In the latest versions of WordPress is the automatic update does not require any more effort and skills.

Protect against this type of attack is easy enough to put a special plug-in that will protect your site to WordPress from Brute Force attacks, considering especially that the plugins are free.

Perfect Paper Passwords (Multifactor authentication for your WordPress Blog)
Limit Login Attempts (Limit Login Attempts – WordPress plugin to protect against Brute Force Attacks)
WP-Sentinel (WordPress plugin for protection from dangerous HTTP-requests)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s