# Major concerns for those with WordPress sites.



## straight_lines (Oct 17, 2007)

> Security analysts have detected an ongoing attack that uses a huge number of computers from across the Internet to commandeer servers that run the WordPress blogging application.
> 
> The unknown people behind the highly distributed attack are using more than 90,000 IP addresses to brute-force crack administrative credentials of vulnerable WordPress systems, researchers from at least three Web hosting services reported. At least one company warned that the attackers may be in the process of building a "botnet" of infected computers that's vastly stronger and more destructive than those available today.


http://arstechnica.com/security/201...s-could-spawn-never-before-seen-super-botnet/


----------



## vividpainting (Aug 14, 2011)

Good post. This is scary as hell, to say the least!


----------



## ewingpainting.net (Jun 2, 2008)

Thanks, going to forward it to my tech guy.


----------



## RCP (Apr 18, 2007)

Good article Tommy, thanks.

Security is always an issue and the biggest problem is weak passwords. I use Lastpass and it auto generates strong passwords.


----------



## DeanV (Apr 18, 2007)

I use 1password. Similar to lastpass. I will need to check website login stuff ASAP though.


----------



## straight_lines (Oct 17, 2007)

RCP said:


> Good article Tommy, thanks.
> 
> Security is always an issue and the biggest problem is weak passwords. I use Lastpass and it auto generates strong passwords.


Chris, did you check out those security plugins linked in the article? I know a strong password would make it harder to crack, but the attackers are using brute force to guess the password. Given enough time and resources you could get any password this way.

Having controls in place that can recognize that type of attack would be the best protection.


----------
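As an added example (not part of the original thread), this sketch shows what a control that recognizes this type of attack can look like when run over a web server access log: it counts POSTs to `wp-login.php` in a sliding window, both per IP address and across the whole site, since a highly distributed attack can keep every single address under a per-IP limit. The Combined Log Format input, the thresholds, the function names and the sample log lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path proto" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def login_posts(lines):
    """Yield (time, ip) for each POST to wp-login.php; skip unparseable lines."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            yield datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip

def detect(lines, window=timedelta(minutes=5), per_ip_limit=5, site_limit=20):
    """Return (noisy_ips, distributed) using a sliding window over login POSTs."""
    recent = deque()            # (time, ip) pairs still inside the window
    per_ip = defaultdict(int)   # login POSTs per IP inside the window
    noisy_ips, distributed = set(), False
    for when, ip in sorted(login_posts(lines)):
        recent.append((when, ip))
        per_ip[ip] += 1
        while recent[0][0] < when - window:   # evict entries older than the window
            _, old_ip = recent.popleft()
            per_ip[old_ip] -= 1
            if per_ip[old_ip] == 0:
                del per_ip[old_ip]
        if per_ip[ip] > per_ip_limit:
            noisy_ips.add(ip)
        # Many sources that each stay under the per-IP limit still add up.
        if len(recent) > site_limit and len(per_ip) > site_limit // 2:
            distributed = True
    return noisy_ips, distributed

def sample(ips, tries_each):
    """Constructed log lines: each IP POSTs tries_each times, one request per second."""
    fmt = '{ip} - - [01/Jan/2024:10:{m:02d}:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3120'
    out, n = [], 0
    for ip in ips:
        for _ in range(tries_each):
            out.append(fmt.format(ip=ip, m=n // 60, s=n % 60))
            n += 1
    return out
```

With the constructed input, one address making ten attempts is flagged by the per-IP count, while thirty addresses making two attempts each are only caught by the site-wide count.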



## straight_lines (Oct 17, 2007)

Just installed Limit Login Attempts plugin. Hard to believe WordPress doesn't do this by default; it would eliminate this sort of attack.


----------



## RCP (Apr 18, 2007)

straight_lines said:


> Chris, did you check out those security plugins linked in the article? I know a strong password would make it harder to crack, but the attackers are using brute force to guess the password. Given enough time and resources you could get any password this way.
> 
> Having controls in place that can recognize that type of attack would be the best protection.


Agree, and I do have Limited Login installed. I am considering the Better WP Security one, but I am worried it will lock out too many of the users; see the support forum comments.

Did you try Cloud Flare? Looks interesting, but with 30 sites, it would be expensive!


----------



## straight_lines (Oct 17, 2007)

I haven't used Cloud Flare; must be a decent service if Ars endorsed it.


----------



## GrantsPainting (Feb 4, 2013)

It says they are using 1000 or so common passwords. So if your password is WordPressSite01. Your ed

I always use random passwords with caps and numbers. Then always a separate password for everything. Then change them frequently and simply write them down. So unless a hacker breaks into my house... I'll be fine.

This is more than likely the group "Anonymous". A few months ago they attacked GoDaddy and it slowed my site down dramatically and Google stopped crawling it. I moved to DreamHost. I had heard it was because of P0rn sites and other unscrupulous business practices of GoDaddy.

So even though I had to move my site... Anonymous still has my thumbs up.


----------

