FAO Wordpress Website Owners on Shared Hosting

smooth

Hi All.

There is currently a large scale Brute Force DDoS attack that is targeting those on shared hosting. It targets the wp-login.php and bombards it with the 'Admin' username and tries to guess the password.

If you have a Wordpress Site, make sure your Admin passwords are secure (eg not a word! - eg - 8THz9HNDMbAgfNwMuN) and that you have the latest version of Wordpress installed.

Also worth looking at a plugin such as: http://wordpress.org/extend/plugins/limit-login-attempts/

Thought I would share as I know a number of photographers on here (such as me!) use Wordpress on a shared hosting environment.

(y)
 
Thanks :)
 
Hi All.

There is currently a large scale Brute Force DDoS attack that is targeting those on shared hosting. It targets the wp-login.php and bombards it with the 'Admin' username and tries to guess the password.

If you have a Wordpress Site, make sure your Admin passwords are secure (eg not a word! - eg - 8THz9HNDMbAgfNwMuN) and that you have the latest version of Wordpress installed.

Also worth looking at a plugin such as: http://wordpress.org/extend/plugins/limit-login-attempts/

Thought I would share as I know a number of photographers on here (such as me!) use Wordpress on a shared hosting environment.

(y)

Why is the hosting environment going to make a difference? You can host WordPress in shared, cloud, dedicated, hypervisor, or pretty much any other hosting environment.

The differentiation is... Are you hosting WordPress yourself, or is your site hosted at WordPress?
 
Shared hosting is just making it easier for the attackers to find a whole bunch of wordpress installations quickly. Cloud will likely be affected too.

So it is not just sites hosted by wordpress.

Folk running a dedi, or any other method where the IP is not shared among a lot of other users, will be much more secure because in all likelihood hackers are unaware their wordpress install exists.
 
Thanks for the info…

Just changing my password on my site from password :)
 
Shared hosting is just making it easier for the attackers to find a whole bunch of wordpress installations quickly. Cloud will likely be affected too.

So it is not just sites hosted by wordpress.

Folk running a dedi, or any other method where the IP is not shared among a lot of other users, will be much more secure because in all likelihood hackers are unaware their wordpress install exists.

Nah not really, I've got several racks in different locations. Dedicated servers are just as much affected as others. At times when I'm bored I love looking through my IPS logs and seeing who is attempting. You can just see that they are targeting subnet by subnet and hopping along...

A good managed service will have made certain they are kicked off well before they can find anything...

But yes it's been a busy week, bit less now though...
 
A few other things to do. Firstly make sure your user account isn't called admin. If it is, make a new account and then delete admin. Remember to give your pages and posts a new owner though.

Install the limit login attempts plugin. It blocks IPs that try to force your password.

Make permissions on wp-config 600.

Move wp-config up one level out of your public HTML area. As long as you're hosting your blog in the root directory of your domain, WP will still use it fine, but anyone snooping can't see it.
 