A month ago we responded on behalf of our clients to a severe global botnet attack targeting websites built on the WordPress platform. While our implementation of time-tested security best practices served to reduce our clients’ vulnerability, the effects of the attack were felt on our servers as they blocked hundreds of thousands of login attempts from 2000+ IP addresses. Thankfully, the impact on server performance was minimal. If you haven’t had Catalyst address these security concerns for you, here are some basic steps you should take to secure your website:
1.) Remove user accounts with common names. During the most recent attack, the botnet most commonly guessed: “admin”, “test”, “administrator” and “root”.
2.) Use unique, secure passwords. While the botnet has in the past been programmed to attempt the above usernames most frequently, it is changing to include, among others, “editor” and “moderator”. I would expect we’ll see common first names included in the brute force attacks in the near future. Counter this by using a unique, secure password: use capital letters, numbers and symbols to spell words not found in the dictionary. Most importantly, the password should be unique to each site. When hackers gain passwords by compromising sites like Dropbox, LinkedIn or Yahoo, they add the stolen passwords to their brute force dictionary.
3.) Install a security plugin. While there are many plugins that will do the trick, I like Login Lockdown. Login Lockdown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range.
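To show what the lockout logic described above actually does, here is an added example in Python (it is not the Login Lockdown plugin’s own code, which is PHP). It records the IP range and timestamp of each failed login, keeps a sliding window per range, and disables logins from a range once the failure count exceeds a threshold. The sample failure records, the thresholds (more than 5 failures within 5 minutes, one-hour lockout) and the /24 range grouping are assumptions chosen for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress

# Constructed sample of failed-login records (ip, timestamp, username attempted).
# Addresses come from documentation ranges; the values are made up for this example.
SAMPLE_FAILED_LOGINS = [
    ("203.0.113.10", "2013-05-01T10:00:00", "admin"),
    ("203.0.113.11", "2013-05-01T10:00:02", "test"),
    ("203.0.113.12", "2013-05-01T10:00:04", "administrator"),
    ("203.0.113.13", "2013-05-01T10:00:05", "root"),
    ("203.0.113.14", "2013-05-01T10:00:07", "admin"),
    ("198.51.100.5", "2013-05-01T10:00:09", "editor"),
    ("203.0.113.15", "2013-05-01T10:00:10", "moderator"),
    ("198.51.100.5", "2013-05-01T10:30:00", "admin"),
]


class LoginLockdown:
    """Sliding-window failed-login counter keyed by IP range.

    Hypothetical reimplementation of the behaviour described in the post:
    once more than `max_attempts` failures arrive from one range within
    `window`, every login request from that range is refused for `lockout`.
    """

    def __init__(self, max_attempts=5, window=timedelta(minutes=5),
                 lockout=timedelta(hours=1), prefix_len=24):
        self.max_attempts = max_attempts
        self.window = window
        self.lockout = lockout
        self.prefix_len = prefix_len
        self.failures = defaultdict(deque)   # range -> timestamps of recent failures
        self.locked_until = {}               # range -> datetime the lock expires

    def ip_range(self, ip):
        # Collapse an address to its /24 so that a botnet rotating through
        # neighbouring addresses is counted as a single source.
        return str(ipaddress.ip_network(f"{ip}/{self.prefix_len}", strict=False))

    def is_locked(self, ip, now):
        """True while the range containing `ip` is still inside its lockout."""
        until = self.locked_until.get(self.ip_range(ip))
        return until is not None and now < until

    def record_failure(self, ip, now):
        """Record one failed attempt; return True if this one triggered a lockout."""
        rng = self.ip_range(ip)
        q = self.failures[rng]
        q.append(now)
        # Discard attempts that have fallen out of the sliding window.
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) > self.max_attempts:
            self.locked_until[rng] = now + self.lockout
            return True
        return False


def replay_failed_logins(records, detector=None):
    """Feed (ip, iso_timestamp, username) records through the detector in order.

    Returns a dict of range -> lockout expiry for every range that got locked.
    """
    detector = detector or LoginLockdown()
    for ip, ts, _username in records:
        detector.record_failure(ip, datetime.fromisoformat(ts))
    return dict(detector.locked_until)


if __name__ == "__main__":
    det = LoginLockdown()
    for rng, until in replay_failed_logins(SAMPLE_FAILED_LOGINS, det).items():
        print(f"locked {rng} until {until.isoformat()}")
    probe = datetime.fromisoformat("2013-05-01T10:00:11")
    print("203.0.113.99 refused:", det.is_locked("203.0.113.99", probe))
```

Grouping by range rather than exact address is the detail that matters against a distributed botnet: in the sample, no single address fails more than once, yet the /24 as a whole crosses the threshold and is locked out, while the second range with only two failures half an hour apart stays open.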