A massive botnet is using brute-force attacks to target WordPress sites. Hackers may be building a more powerful botnet for subsequent, larger attacks.
Over the last few days, many hosting companies have faced serious cyber-attacks aimed at websites built on Joomla and WordPress. The attackers are able to crack only those resources that have weak protection.
The attackers use a botnet of more than 90,000 servers to break into the admin panels of websites. All the crackers do is try to “guess” the username and password. Sucuri reported that in the first 10 days of April it had already blocked more than 773,104 attacks.
HostGator, InMotion Hosting and Melbourne Server Hosting Providers advise their customers to update the passwords for their admin panels, making them as complex and hard to guess as possible.
The problem has reached such a scale that even the founder of WordPress, Matt Mullenweg, published a note about it on his blog: “Almost three years ago we released WordPress 3.0, which lets you choose a custom user name during installation. Most of the users decided to use username admin as login by default.”
The head of the company says that the owners of a huge, actively operating botnet are in a position to access WordPress blogs that use simple usernames and passwords. He advises users to change their usernames and passwords, enable additional authentication and install the latest version of WordPress. If you apply all of these preventive measures, the website can be protected from the majority of potential attacks.
We recommend that you install one of the special plug-ins that will protect your WordPress from Brute Force attacks:
– Limit Login Attempts – WordPress plugin to protect against Brute Force Attacks;
– Perfect Paper Passwords plugin – Multifactor authentication for WordPress Blog;
– WP-Sentinel – WordPress plugin for protection from dangerous HTTP-requests.
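
To check whether a site is being targeted, the web server's access log can be scanned for failed logins. The following is an added example, not code from the article or from any of the plug-ins above. It assumes combined-format access logs, WordPress's standard `/wp-login.php` login endpoint, and that a failed login returns status 200 while a successful one redirects with 302; the sample log lines and thresholds are constructed. Because a botnet of this size can spread its guesses across many addresses, it reports both noisy single IPs and minutes in which many distinct IPs fail to log in.

```python
import re
from collections import Counter, defaultdict

# Combined log format: ip ident user [timestamp] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines; the addresses are from documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Apr/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2013:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.1 - - [10/Apr/2013:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.2 - - [10/Apr/2013:10:01:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.3 - - [10/Apr/2013:10:01:20 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.4 - - [10/Apr/2013:10:01:41 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Apr/2013:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.11 - - [10/Apr/2013:10:02:30 +0000] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0"
"""

def failed_logins(lines):
    """Yield (ip, minute) for every failed login POST to /wp-login.php."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        # Assumption: a failed login re-renders the form (200), success redirects (302).
        if m["status"] == "200":
            yield m["ip"], m["ts"][:17]  # "10/Apr/2013:10:00" is the minute bucket

def analyse(lines, per_ip_limit=3, distributed_ips=4):
    """Return (noisy IPs, minutes in which many distinct IPs failed to log in)."""
    per_ip = Counter()
    ips_per_minute = defaultdict(set)
    for ip, minute in failed_logins(lines):
        per_ip[ip] += 1
        ips_per_minute[minute].add(ip)
    noisy = sorted(ip for ip, n in per_ip.items() if n >= per_ip_limit)
    waves = sorted(mn for mn, ips in ips_per_minute.items()
                   if len(ips) >= distributed_ips)
    return noisy, waves

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG.splitlines()))
```

The four `203.0.113.x` addresses each stay under the per-IP limit, so only the per-minute count of distinct sources reveals them.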