In this episode we talk about WordPress brute force attacks. That’s not something you hear very often if cutting and coloring are the main focus of your day, and it’s not something that salon owners normally have to worry about. But if your salon website is built with WordPress, the latest news about attacks on WordPress sites will be of interest to you.
According to several tech websites and a few web host providers, a collection of 90,000 computers has been trying to break into WordPress sites. According to reports, they’re not going after all sites, just the ones where the username on the account is “admin”.
These 90,000 computers are controlled by hackers who seem to be staging these WordPress brute force attacks as a shortcut for attacking the web servers. On his blog, Matt Mullenweg, one of the founders of WordPress, laid out a common-sense set of steps salon owners should take to protect their websites.
Since there seems to be a WordPress plugin for everything under the sun, you’d think that there would be a plugin that stops brute force attacks.
Several security firms with plugins in the WordPress repository have stepped up to the plate recently. However, some security features are not very effective against a botnet of this size, as Matt Mullenweg pointed out on his blog:
~ supposedly this botnet has over 90,000 IP addresses, so an IP limiting or login throttling plugin isn’t going to be great (they could try from a different IP a second for 24 hours).
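To make the arithmetic in that quote concrete, here is an added example (not from the episode or from Matt Mullenweg's post) that replays one failed "admin" login per second for 24 hours from a 90,000-address pool through a per-IP limiter. The limiter thresholds, the per-username counter shown for contrast, and the `bot-N` address labels are assumptions made for illustration.

```python
from collections import Counter, deque

BOTNET_SIZE = 90_000            # figure quoted above
SECONDS_PER_DAY = 24 * 60 * 60  # 86,400

def constructed_attempts(n_ips=BOTNET_SIZE, duration=SECONDS_PER_DAY):
    """Constructed data: one failed 'admin' login per second, each from
    the next address in the pool (labels are placeholders, not real IPs)."""
    return [(t, f"bot-{t % n_ips}", "admin") for t in range(duration)]

def per_ip_throttle(attempts, max_failures=5, window=3600):
    """Assumed per-IP limiter: reject an IP once it has max_failures
    failed logins inside the window. Returns how many attempts it rejected."""
    recent, rejected = {}, 0
    for t, ip, _user in attempts:
        times = [x for x in recent.get(ip, []) if t - x < window]
        if len(times) >= max_failures:
            rejected += 1
        else:
            times.append(t)
        recent[ip] = times
    return rejected

def per_username_alert(attempts, threshold=20, window=3600):
    """Assumed alternative signal: failures per targeted username across
    all IPs. Returns the second at which the threshold is first reached."""
    recent = {}
    for t, _ip, user in attempts:
        q = recent.setdefault(user, deque())
        q.append(t)
        while t - q[0] >= window:
            q.popleft()
        if len(q) >= threshold:
            return t
    return None

def summarize(n_ips=BOTNET_SIZE, duration=SECONDS_PER_DAY):
    attempts = constructed_attempts(n_ips, duration)
    per_ip = Counter(ip for _t, ip, _user in attempts)
    return {
        "attempts": len(attempts),
        "max_attempts_from_one_ip": max(per_ip.values()),
        "rejected_by_ip_throttle": per_ip_throttle(attempts),
        "username_alert_at_second": per_username_alert(attempts),
    }

if __name__ == "__main__":
    print(summarize())                         # the 90,000-address case
    print(summarize(n_ips=10, duration=3600))  # small pool, for contrast
```

With 90,000 addresses no single address is ever seen twice in a day, so the per-IP limiter rejects nothing, while the same limiter rejects almost every attempt from a 10-address pool.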
Two Factor Authentication Plugins:
Links mentioned in this episode: