Huge attack on WordPress sites could spawn never-before-seen super botnet

WordPress Brute Force Attack

In the past few months there have been several alerts from different websites I frequent about possible malware infection. Thanks to Google Chrome for the malware alerts. Most other browsers don’t have this type of protection built in. One thing these sites have in common is that they all are run on self-hosted WordPress installations just like my own.  Hackers are launching an attack on WordPress sites to further leverage their destructive capabilities.

My brother was kind enough to send me this article the other day knowing that WordPress is what I advocate for setting up blogs and even websites because it is a wonderful content management system. Turns out there are hackers that will use vulnerabilities in WordPress to their advantage to carry out brute force and DDoS attacks on large corporations. For instance my server offers automatic installation and upgrade of commonly used content management, blogging and forum software. The hackers will take advantage of the reach of these servers and attempt to infect as many installations as possible. Then the malware is attacking from a much larger scale than just from one PC to another.

My site is protected through CloudFlare. After I encountered the first malware warning from Chrome about one of my favorite sites I decided to research how I could protect my website at the server level. That’s when I found CloudFlare. It protects my site at the DNS level which is fabulous. Even on the free service is blocks malicious connections from all over the world.

Is your website or your friends website at risk? Find out and please share this article.

Security analysts have detected an ongoing attack that uses a huge number of computers from across the Internet to commandeer servers that run the WordPress blogging application. The unknown people behind the highly distributed attack are using more than 90,000 IP addresses to brute-force crack administrative credentials of vulnerable […]

5 comments for “Huge attack on WordPress sites could spawn never-before-seen super botnet

  1. April 18, 2013 at 1:08 am

    Thank you for your sharing this valuable information. I have some bad experiences with malware.

  2. Sarah L
    April 18, 2013 at 2:54 am

    That’s some scary stuff. I don’t have a blog, but I’ve seen the Google malware messages on some blogs. I usually go to their FB page and let them know.

    • April 18, 2013 at 6:55 am

      Sarah L. as a blogger you have no idea how much I appreciate when a reader lets me know when there is a problem. If ever you find a broken link, disappearing image or god forbid a malware error on Chrome from my sites I invite you to do the same with me.

  3. April 27, 2013 at 12:47 am

    It’s most critical than in the past to safeguard WordPress websites, otherwise there’s the risk that they may possibly be became used for criminal activities.

    As WordPress founder Matt says, having a strong password and ensuring that you have most up-to-date version of WordPress is an adequate protection. The botnet is literally guessing security passwords, so if you have something which is not guessable you should be safe.

    There is now a Google Authenticator Plugin for WordPress. You could enable (or disable) it per user (admin, editor, etc). This plugin coupled with strong password is the best you can do to secure the back end. This is the plugin I installed for my website.

    • April 27, 2013 at 12:50 am

      Frank thanks for this tip. I’ll look into the Google Authenticator plugin in addition to the other security measures I have in place.

Leave a Reply

Your email address will not be published. Required fields are marked *