495 posts Code Is Poetry
  • Elite Author
  • Author Level 11
  • 6 Years of Membership
  • Top Monthly Author
+10 more
gljivec
says

Apparently there is a big attack on Wordpress sites going on at this moment. Also our server hosting company informed us, if we have a lot of Wordpress sites on the server we should be very careful. More about the attack can be read here:

http://arstechnica.com/security/2013/04/huge-attack-on-wordpress-sites-could-spawn-never-before-seen-super-botnet/
2234 posts
  • Trendsetter
  • Weekly Top Seller
  • Featured Author
  • Exclusive Author
+5 more
Bedros
says

Apparently there is a big attack on Wordpress sites going on at this moment. Also our server hosting company informed us, if we have a lot of Wordpress sites on the server we should be very careful. More about the attack can be read here: http://arstechnica.com/security/2013/04/huge-attack-on-wordpress-sites-could-spawn-never-before-seen-super-botnet/

:shocked:

381 posts Simple is the new black.
  • Weekly Top Seller
  • Elite Author
  • Author Level 7
  • 5 Years of Membership
+5 more
PaulWinslow
says

Every time somebody types “Wordpress” instead of “WordPress”, an angel loses its wings.

1565 posts
  • Affiliate Level 1
  • Author Level 5
  • Collector Level 2
  • Featured Author
+2 more
OriginalEXE
says

Every time somebody types “Wordpress” instead of “WordPress”, an angel loses its wings.
True, and yet, even Envato, who practically “lives” from it, writes Wordpress :)
3535 posts
  • Power Elite Author
  • Author Level 12
  • Trendsetter
  • United States
+13 more
sevenspark
Moderator
says

I thought this deserved a little bump. I have a lot of WordPress sites, and I’ve noticed a lot of brute-force login attempts for the admin username in the last 24 hours. I’d definitely recommend that people:

1. Don’t use ‘admin’ for their administrator username

2. Install the Limit Login Attempts plugin and lock the attempts in short order, at least for the time being. Better WP Security is probably a good idea too ( http://wordpress.org/extend/plugins/better-wp-security/ )

Good luck everyone on outrunning the zombies!

822 posts
  • 6 Years of Membership
  • Beta Tester
  • India
  • Exclusive Author
+1 more
laranz
says

IP Limit don’t gonna work I think. http://ma.tt/2013/04/passwords-and-brute-force/

179 posts
  • Author Level 10
  • Collector Level 4
  • Top Monthly Author
  • Trendsetter
+6 more
MNKY
says

Ok.. was going to install the Limit Login Attempts plugin to our WordPress installs and logged in to multiple WP installations simultaneously. Guess what? IP was immediately blacklisted and now I can’t access my own site.. :ohrly:

107 posts
  • 5 Years of Membership
  • Affiliate Level 2
  • Australia
  • Author Level 3
+2 more
pjtops
says

IP Limit don’t gonna work I think. http://ma.tt/2013/04/passwords-and-brute-force/

Shameless but relevant plug: Ghost Captcha For WordPress

Works on all the in-built wordpress forms. It times how fast each form is filled, and if it gets submitted too fast, its marked and discarded as spam. And you can set the minimum required times for each form.

822 posts
  • 6 Years of Membership
  • Beta Tester
  • India
  • Exclusive Author
+1 more
laranz
says

Ok.. was going to install the Limit Login Attempts plugin to our WordPress installs and logged in to multiple WP installations simultaneously. Guess what? IP was immediately blacklisted and now I can’t access my own site.. :ohrly:

lol :D

216 posts
  • 2 Years of Membership
  • Affiliate Level 3
  • Author Level 8
  • Collector Level 1
+5 more
Playnethemes
says

Our live preview was hacked aswell we believe :) Could anyone give us tips on how to improve security? or how to prevent this? :) (edit: just saw sevensparks comment!)

by
by
by
by
by
by