WordPress Security and Brute Force Attacks

Lorelle V.
North Plains, OR
Post #: 28
I'm starting to hear from clients and students about the news of the security issues and brute force attacks against WordPress. I've heard from others on Joomla and Drupal that they are also being attacked, so this is not exclusive to WordPress.

If you or your clients are worried, here is what you most need to know:

  • Verify all usernames are NOT admin or something simple. Make usernames more complex.
  • Ensure all passwords are alphanumeric with symbols (@#$%^&*) and are more than 8 characters.
  • Those on are safe, however if you were dumb and didn't use a solid username or password, your site is vulnerable to this bot.
  • Check that all WordPress sites are updated to the latest release, as are Themes and Plugins. No excuses.
  • If you or a client cannot log into the site or get an error when trying to login, contact your web host customer support immediately. This may not be a sign your site has been hacked but rather your host may have blocked direct access to the login file. Check with them on the status and security of your site.
  • This is not an exclusive WordPress attack. Joomla, Drupal, and other hosting services are also being attacked. Because there are so many on WordPress (so many vocal folks, too), it feels like it is targeted only to WordPress. It is not.

Matt Mullenweg has addressed this issue and here are some other "official" references.

  • Support Forum Post on Brute Force Attacks
  • WordPress Codex Article on Brute Force Attacks

I'm working on an article about this to hopefully release tomorrow, but wanted to give you all a heads up.



UPDATE: The post is The Brute-Force Password Attack on WordPress Sites.
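
An added example, not part of the original thread: one way to check a web server access log for the password-guessing pattern discussed above, both per client address and across the whole site. It assumes Combined Log Format, the standard `wp-login.php` login script, and hypothetical thresholds; the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGIN_PATH = "/wp-login.php"  # WordPress's standard login script
# Combined Log Format: ip ident user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def login_posts(lines):
    """Yield (time, ip, status) for every POST to the login script."""
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["method"] == "POST" and m["path"].split("?")[0] == LOGIN_PATH:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield ts, m["ip"], int(m["status"])

def find_bruteforce(lines, per_ip_limit=5, site_limit=20,
                    window=timedelta(minutes=5)):
    """Return (noisy_ips, site_alert) for a time-ordered access log.
    Assumption: a failed login is answered with 200 (form shown again) and a
    successful one with a 302 redirect, so only 200s count as failures.
    """
    per_ip, site = defaultdict(deque), deque()
    noisy, site_alert = set(), False
    for ts, ip, status in login_posts(lines):
        if status != 200:
            continue
        for q in (per_ip[ip], site):
            q.append(ts)
            while ts - q[0] > window:  # drop attempts older than the window
                q.popleft()
        if len(per_ip[ip]) > per_ip_limit:
            noisy.add(ip)
        # Many addresses trying a few passwords each stay under the per-IP
        # limit, so the total failure rate for the site is tracked as well.
        if len(site) > site_limit:
            site_alert = True
    return noisy, site_alert

def sample_log():
    """Constructed sample: one noisy client, 30 one-shot clients, one real login."""
    fmt = ('{ip} - - [01/Jan/2024:10:{m:02d}:{s:02d} +0000] '
           '"POST /wp-login.php HTTP/1.1" {st} 3100 "-" "-"')
    log = [fmt.format(ip="203.0.113.7", m=0, s=i, st=200) for i in range(8)]
    log += [fmt.format(ip=f"198.51.100.{i}", m=1, s=i, st=200) for i in range(30)]
    log.append(fmt.format(ip="192.0.2.10", m=2, s=0, st=302))
    return log
```

A site-wide alert with few or no noisy addresses points to a distributed attempt, where blocking single addresses helps little and strong usernames and passwords carry the defence.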
Envoke D.
user 96824972
Portland, OR
Post #: 1
There is also this...

Which is one of the best WordPress security plugins hands down.

- D