Cosmic Brute Force attack- Affecting thousands of websites
Since last few weeks the most popular blogging platform “Wordpress” is facing an ongoing massive brute force attacks in full force. This global attack is highly systematized and is involving thousands of IP addresses under its flood. The attack uses some techniques to login into the WordPress site and plant some wicked code in the blogs and websites and thus damaging them.
It has become an intense requirement to protect your blog and site from this attack. To protect your blog, we endorse you to install a very good wordpress security plugin to sustain this situation. (For example, “Better WP Security”. We’ve tested this on a few blogs and it is giving desired results. It is an efficient and very simple plugin to secure your wordpress blog from these kind of attacks.)
Following steps are recommended to protect your blog. With the above plugins you can easily fix the following suggestions. If you’ve not installed any security plugins, you can do it manually.
1) Use Strong Password
The use of strong password is strongly suggested with a minimum of 8 characters, combination of letters, numbers, uppercase, lowercase and alpha-numeric characters.
2) Change default username
The site with default username i.e. admin is the first priority of this kind of attack. So, it is better to change the username to reduce the chances of your site being attacked by malicious user.
3) Update .htaccess file
By updating the .htaccess file you can check for a valid referer and limit access to only your IP address and thus protecting your site.
4) Password Protect the wp-login.php File
It is vital to protect your wp-login.php file with a strong password as it contains the password of your database as well as other security keys of the site.
5) Regular Backups
Customary backups of the database is imperative for the security of the site. In case of any kind of attack you can restore your site data in a matter of minutes and keep your site running as before without any kind of a break.
6) WordPress Update
It is important and useful to update everything related to wordpress to protect yourself from this kind of event.
7) Install WordPress Security plugin
Though WordPress is secure but, for a better security it is preferable to install the WordPress Security Plugin in your site. This plugin makes your site more secure by reducing by limiting the number of login attempts. We will shortly brief you about patterns of these attacks and vulnerable areas of your website.