Well, here we go again, folks! Yet another attack on WordPress sites globally. Recently there was a globally distributed brute force attack on WordPress websites. A brute force attack is an attempt by a hacker or hackers to gain access to your WordPress admin account by guessing your login information. By default, all WordPress sites begin with a default name for the administrator of the site (the owner) called "admin". Hackers know that it is extremely common for people to unknowingly leave the default user name in place and just add a password. Well, if you are a hacker, then you already have the first piece of information about a WordPress website's account, the user name "admin"; now you just have to guess the password!
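To see whether your own site is on the receiving end of this kind of password guessing, you can count failed logins in the web server's access log. The script below is an added example, not part of the original post: it assumes the Apache/nginx "combined" log format, an unmodified WordPress login page at `/wp-login.php` (which answers a failed login with status 200 and a successful one with a 302 redirect), and thresholds picked for illustration; the log lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def make_line(ip, sec, method="POST", status=200):
    """Build one constructed access-log line (Apache/nginx combined format)."""
    return (f'{ip} - - [01/Jan/2024:10:00:{sec:02d} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 512 "-" "Mozilla/5.0"')

# Constructed sample, not real traffic; the IPs are reserved documentation ranges.
SAMPLE_LOG = "\n".join(
    [make_line("203.0.113.9", s) for s in range(0, 12, 2)]          # one IP, 6 failures
    + [make_line(f"198.51.100.{i}", 20 + i) for i in range(1, 11)]  # 10 IPs, 1 failure each
    + [make_line("192.0.2.50", 40, status=302),                     # successful login
       make_line("192.0.2.51", 41, method="GET")]                   # only viewed the form
)

def failed_logins(text):
    """Return a sorted list of (timestamp, ip) for every failed POST to wp-login.php."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, ts, method, path, status = m.groups()
        is_login = path.split("?")[0].endswith("/wp-login.php")
        # Assumption: 200 on a login POST means the form was shown again (failure).
        if method == "POST" and is_login and status == "200":
            events.append((datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip))
    return sorted(events)

def detect(text, window=timedelta(minutes=5), per_ip_limit=5, distinct_ip_limit=8):
    """Flag noisy single IPs and many-IP, low-rate guessing inside a sliding window."""
    events = failed_logins(text)
    noisy, distributed, start = set(), False, 0
    for end, (ts, _) in enumerate(events):
        while ts - events[start][0] > window:  # drop events older than the window
            start += 1
        counts = Counter(ip for _, ip in events[start:end + 1])
        noisy.update(ip for ip, n in counts.items() if n >= per_ip_limit)
        # Many different IPs that each stay under the per-IP limit is the
        # signature of a distributed attack that per-IP lockouts do not catch.
        quiet = sum(1 for n in counts.values() if n < per_ip_limit)
        distributed = distributed or quiet >= distinct_ip_limit
    return {"noisy_ips": sorted(noisy), "distributed": distributed}

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

A security plugin that only locks out individual IP addresses would catch the first group in the sample but not the second, which is why the site-wide count matters for a distributed attack.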
What can we do about attacks?
One of the first things a person should do when setting up a WordPress installation is to change the default user name from "admin" to something else. Next is creating a unique password that is strong. Since WordPress is open-source and free, it is attractive to hackers and virus creators because it is popular and easy to access. The plugins used to advance WordPress are vulnerable too and need to be protected as well. One way to protect your plugins is to create a blank file in a program like Notepad (that's right, a blank file) and name it "index.html". Place this blank file inside your WordPress plugins folder on your server (host). This just does a little bit to help hide your plugins from hackers who may know about certain plugin exploits.
Installing a security plugin is essential too. There are many to choose from, so I won't mention any here because there are too many variables in each and every site (WordPress installation). Some security plugins cause conflicts with other plugins, or with your hosting service and your htaccess file, so each individual must explore the different plugins to find the one that works best with their configuration and combination of plugins and theme.
A plugin to manage comments isn't a bad idea either, since a lot of attacks come through the comment portion of WordPress. Pingbacks, trackbacks and comments can contain spam, as many of you already know, and these intrusions can cause havoc on your site and may infect or expose your other visitors too. Articles and blogs generate comments, but not all comments are comments. Some are spam or phishing links, and many of these come from outside the US.
Lastly is keeping all of your themes and plugins up to date. Most of the time when an update is issued, it is because of a vulnerability fix and security enhancement. So updating to the new version keeps you safer than using the old version. This applies to themes as well. Hackers may work on a hack for a while but they will get in one way or another, so theme creators must constantly update theme files for known exploits and new threats.
Overall, I have to say that maintaining an online presence is quite laborious in general these days, not to mention the added susceptibility when trying to run an e-business online. We have to constantly install updates and patches for our browsers, constantly update Flash plugins which are extremely vulnerable to infections, constantly maintain virus, spam, adware and malware protection, be cautious with all the email and comments that go along with having an online presence (even email marked from a friend or family member), be mindful when shopping and purchasing goods or services online, and repeatedly change and update our passwords list.
Why can't people just plot and scheme to do something good instead of plotting and scheming to do harm to everyday people trying to get by?
If you haven't taken the measures mentioned above, I would suggest that you implement them or do your own research and find suitable methods to protect yourself and your site visitors...
Written by
Allan Whitney
Owner/Administrator
www.MindVisionMedia.net