As you may be aware, WordPress installations come under global attack in the last few days. This is not specific to any host or site, it's currently a global internet problem. If you're using WordPress on your MacDock hosting account, we wanted to get you up to speed on what's happening and what you can do to protect yourself.

This is a brute force attack - we see large numbers of unique IP's trying to connect to WordPress installations and login with a list of common passwords. These bots will continually attempt to login causing an increase in traffic and decrease in performance on your WordPress site. We recommend going over WordPress' own Brute Force article to get a good background on what's going on: http://codex.wordpress.org/Brute_Force_Attacks.

You should also consider utilizing WordPress' built-in Two Step Authentication. This will require an extra step for you to login as admin but also makes it much more difficult for your site to be exploited by a brute force attack: http://en.blog.wordpress.com/2013/04/05/two-step-authentication/

There are also additional services (such as CloudFlare) and plugins (such as Limit Login Attempts http://wordpress.org/extend/plugins/limit-login-attempts/) that can dramatically increase your site's security.

We've implemented several security mechanisms on our hosting platform to deflect these attacks - but this is a large and highly distributed network that is involved, please take a brief look at how you can further harden your WP installation. 15 minutes of preventative maintenance could save you hours of time due to a compromised/damaged WordPress installation.



Tuesday, May 28, 2013

« Back