How to stop wordpress brute force attack


1. Use a strong password

 Minimum password recommendations:

 - At least 8 characters total
- Mixture of upper and lower-case letters
- Numbers, punctuation or other non-alphanumeric characters

 Example weak password: secret1
Improved strong password: Z#hupsZ2M4!Z

 2. Change default WordPress admin username

 When installing WordPress by default the administrator user has the username of admin.

 The botnet attack is currently only targeting this default username, so even having an administrator username of admin123 could signifiantly reduce the likilhood of your site being succesfully logged into by a malicious user.

3. Lock down WordPress admin access with .htaccess

 Utilizing a WordPress brute force plugin for this type of attack is not very efficient, and in some cases can actually lead to your site becoming unavailable due to the large amount of processing power used to attempt to challenge each and every malicious login attempt.

 Instead you should rely on the information we have on how to lock down WordPress admin login with .htaccess.

 Setup a secondary level password to prevent unauthorized WordPress wp-admin and wp-login.php attempts.



4. Temporaily disable CPU intensive login limit plugins

 Blocking this attack with .htaccess rules is the preferred method, as login limiting plugins can not only lead to issue with triggering our own internal security rules, but they also will not be effective in this type of large scale attack.

 5. Scan website for hacks, check Google Safe Browsing

 If your WordPress site had been successfully compromised, a clear indication will usually be found either by a surface security scan of the website, or it will also get reported to Google's Safe Browsing.

 Scan your website with an online malware scanner like sitecheck.sucuri.net/scanner

 Check Google's safe browsing for your domain, at google.com/safebrowsing/diagnostic?site=example.com

 6. Setup CloudFlare DNS level protection

 Due to the large scale of this botnet attack, CloudFlare has offered DNS level filtering for this attack on all of their free accounts.

 While probably not an ideal solution if you have many WordPress sites due to having to update the name servers for each domain, and then waiting typically 24-36 hours for DNS propagation. Single site owners might benefit greatly from this type of protection which should block the botnet requests from even making it to the server in the first place.

 7. Backup WordPress

 At this point it's probably a good idea to backup WordPress just in case. That way, as the attacks continue, you're ensured that you always have a good point to restore back to in the event something goes bad.

 Backing up your data

     Backup your website files in cPanel
    Backup your database in cPanel

 Restoring your data

     Restore your website files in cPanel
    Restore your database in cPanel

 8. Update everything WordPress

 To protect yourself from any known exploits to WordPress you should update everything related to WordPress:

 Necessary updates to make:

     Update WordPress from admin dashboard
    Update WordPress theme
    Update WordPress plugin

 9. Clean up hacks

 If your website has been the victim of a hack, you can follow my guide on how to reinstall WordPress after a hack for steps on cleaning it up and getting back in business.

 10. Other general WordPress recommendations

     Optimizing WordPress with W3 Total Cache plugin
    Log out of WordPress admin dashboard when not in use
    Limit or disable WordPress revisions
    Disable WordPress autosave
    Install and use Better Delete Revision WordPress plugin

 Hopefully your WordPress website should be locked down and secure now, which should help prevent our own internal security rules from blocking your own access to your WordPress admin.

 If you're blocked out of your own account and were directed to this article via a warning message be sure that you followed step #3 Lock down WordPress admin access with .htaccess in order to regain access.

 source : http://www.inmotionhosting.com/support/news/general/wp-login-brute-force-attack

Comments

Post a Comment

Popular posts from this blog

Brother printer password reset using telnet

Image
  Login into printer using telnet. telnet 10.1.0.110 Enter default telnet password as 'access' . Press enter for the username or you can use admin or what ever username.  Type this command to reset the password SET PASSWORD abc123 New password will be abc123 .    Clear the web password of  MFC-8510DN  Note : when you change the password this will change the both web and telnet password. If you just need to reset the password enter SET PASSWORD. and hit enter key without password. That will reset the web login password and also it will automatically change the telnetpassword back to 'access'
Read more....

How to adjust the brightness in Samsung 19" SyncMaster SA100 LED monitor?

Image
METHOD ONE (I) 1. GOTO this site. http://www.samsung.com/us/consumer/learningresources/monitor/magetune/pop_download.html 2.download suitable version with our OS . me use windows7 then i choose ex :  http://www.samsung.com/us/consumer/learningresources/monitor/download/MagicTunePremium_Win7_WinVista_32bit_3.2.2.zip 3.run the program.if you are using laptop to use this LED monitor as secondary display first time this program may be not work.then drag that program into your secondary monitor display area and then click image menu. 4.Any questions please ask me. SECOND METHOD (II) Hold power button 8 - 10 seconds then monitor adjust automatically. THIRD METHOD (III) (STILL BETA VERSION RELEASED) You can download my small program [Open source] to adjust monitor brightness (dual monitor supported) from below link [Available as a source code and binary both] http://freevbs.blogspot.com/p/computer.html
Read more....

ASP.NET Server Controls Tutorial

Image
In this tutorial, you will learn how to build an ASP.NET server control by creating a Hello World Control. Along the way, we'll review the fundamental process of server control development from scratch. Creating a Custom Control Project First, we need to create a new class library project to hold our custom controls. By creating the custom control in a separate class library, we can compile the project into a separate DLL and use the custom control in any application that requires it. Open your ASP.NET project with Visual Studio or Visual Web Developer. In Solution Explorer, right click the solution name, and select Add New Project from the context menu. In the Add New Project dialog box, choose the project type to be a Web project, and select ASP.NET Server Control as the template, like so:
Read more....