Channel: Tech News Today » Jonathan

Massive Brute Force Attack Affecting WordPress Installations Worldwide


News has been heating up over the last 48 hours or so about a massive attack taking place against WordPress (and indeed Joomla) installations on a global scale. We would stress that it is not limited to any one particular hosting provider, but how the different hosting providers respond to the threat could matter significantly for the security of your site. However, there is something you can do right now to improve the security of your site: change your password to an extremely strong one, using numbers, lower case letters, upper case letters and other special characters. Having to rectify a hacked site can be extremely time consuming, and if you have no technical knowledge or lack sufficient backups it could also be expensive.

To go into a little more detail, for the more technically minded, this attack targets the wp-login.php file. It originates from a large number of hijacked PCs around the world that attempt to break into your site by continually guessing the username and password to get into the WordPress admin dashboard.

Hosting providers are only just getting to the stage of releasing official statements about the attack, and most of them advise increasing security by updating your .htaccess file to allow access to the login page only from a set number of IP addresses (such as the locations you would log in from). This is OK as a partial fix, but we would like to share with you how the host of this website (SiteGround) is approaching the issue.
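As an added illustration (not from the original post or from any host's official guidance), this is what the .htaccess approach described above looks like. The IP addresses are placeholders taken from documentation ranges and must be replaced with the addresses you actually log in from; the block covers both the Apache 2.4 and the older Apache 2.2 directive syntax.

```apache
# Restrict wp-login.php to a short allow-list of admin IP addresses.
# Everything else (including the botnet's POST attempts) gets a 403.
# 203.0.113.10 and 198.51.100.0/24 are placeholder addresses: replace them
# with the office/home addresses you log in from before uploading this file.
<Files wp-login.php>
    # Apache 2.4: mod_authz_core is present, use Require directives.
    # Several Require lines inside a <Files> block are OR'ed together.
    <IfModule mod_authz_core.c>
        Require ip 203.0.113.10
        Require ip 198.51.100.0/24
    </IfModule>

    # Apache 2.2: fall back to the legacy Order/Deny/Allow directives.
    <IfModule !mod_authz_core.c>
        Order Deny,Allow
        Deny from all
        Allow from 203.0.113.10
        Allow from 198.51.100.0/24
    </IfModule>
</Files>
```

Note that the rejected requests still reach your web server and are processed before being refused, which is exactly the server-load limitation discussed below, and that anyone logging in from an address not on the list (for example from a mobile connection) will be locked out until it is added.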

How our host SiteGround fixed the issue

Now, we won’t hide our love for SiteGround (you can see it ranks top of our web hosting reviews, and we use it to host this site).  Here is what SiteGround had to say:

At the time we post this there were not many official statements made by other web hosts; now, more than 24 hours later, we have seen several official statements on how others approach the problem, and we would like to turn your attention to the fact that the solution to the global WordPress brute force attack proposed by the majority of the other hosts has some serious limitations. It is based on editing .htaccess files. We believe that this is only a partial fix to the problem. If your host relies only on .htaccess rules to stop the attackers, they actually allow them to reach your server, make requests, process those requests, check whether they should be blocked and then finally reject them. All that causes server load and makes your site slower, even if the brute-force attempt is stopped. Last but not least, this causes problems for the people who don’t know about the attack and only see themselves unable to access their sites.

We at SiteGround have taken a different approach, preventing attackers from even reaching the server. This means that no load is caused on the server, no sites are slowed down and all targeted sites are protected in a way that most of our customers won’t even notice the attack!

According to SiteGround, on their servers alone they have blocked 4.08 million brute force attempts in the last 12 hours. You can see the scale of the problem is off the charts! Apparently the botnets were using up to 20 IPs per server and guessing passwords at a “unique” pace. At this level, not only would the WordPress sites be at risk of being hacked, but we can imagine that server performance would be severely undermined, especially on some of the cheaper hosting providers. SiteGround put into effect various fixes to stop these attackers reaching the server at all, reducing the server load in the process. The traditional fix using the .htaccess file recommended by many of the other hosts (which of course you have to modify yourself!) would not have the same effect. If you are with SiteGround you may also have found that your passwords have been upgraded by them to something stronger, just to make sure you are protected.

SiteGround also brought my attention to a WordPress plugin called Sucuri, which it was announced was being used to inject a “PayDay Loan” link into people’s websites. Sucuri was a Social Media Widget plugin that has since been removed from the official WordPress plugin repository. Many hosts have forcefully removed this plugin from their users’ sites, so you should check your site to see if this has occurred and whether any modifications are now required. You will be pleased to know that if you were with SiteGround, they automatically removed the bad code from the plugin for you, so you will not notice any difference.

We hate to rave about how great SiteGround are, but the above, even by our own tough standards, is pretty impressive. If you have not already, you should seriously consider moving across to them at the moment, as they currently have an offer of 60% off all hosting plans, so you can get hosting for just $47.40 for the year, although you may want to buy 3 years at once with that kind of discount.

To read more about SiteGround check out our review, and if you want to proceed click the coupon below, and it will take you to the site with the 60% off showing.


The post Massive Brute Force Attack Affecting WordPress Installations Worldwide appeared first on Tech News Today.
