WordPress Attacked!

Sources from several Web hosting services this week raised an all-out alert: WordPress was under attack with at least 90,000 IP addresses involved to brute-force crack credentials of WordPress sites. The attacks, they said, are worrying in that they are on an unusually large scale, being described as “superbotnet” level. Among hosting providers detecting such attacks were CloudFlare and HostGator. “The attacker is brute force attacking the WordPress administrative portals, using the username ‘admin’ and trying thousands of passwords,” Matthew Prince, CEO of CloudFlare, said in an April 11 blog posting.

Matt Mullenweg, one of the creators of WordPress said on his blog in a Friday, April 12th post:  “Almost 3 years ago we released a version of WordPress (3.0) that allowed you to pick a custom username on installation, which largely ended people using “admin” as their default username. Right now there’s a botnet going around all of the WordPresses it can find trying to login with the “admin” username and a bunch of common passwords, and it has turned into a news story (especially from companies that sell “solutions” to the problem).”

Mullenweg goes on to give the following expert advice “Here’s what I would recommend: If you still use “admin” as a username on your blog, change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress. Do this and you’ll be ahead of 99% of sites out there and probably never have a problem. Most other advice isn’t great — supposedly this botnet has over 90,000 IP addresses, so an IP limiting or login throttling plugin isn’t going to be great (they could try from a different IP a second for 24 hours).”

Our own two web hosting companies here at TheCameraForum.Com have advised us this is a major, worldwide crisis where everyone who runs a WordPress site needs to take immediate protective action if you have not done so already.  InMotionHosting have provided “hardening” instructions for protecting your WordPress site here: Blocking Brute Force Attacks.

How does this crisis affect TheCameraForum.Com?  Since TheCameraForum.Com runs on WordPress, we have been watching as these attacks grew over the past two weeks at an ever increasing level.  Of the eighteen total web sites we manage, all of them save for one has been under attack.  It’s been a busy two weeks for me!  In order to insure a quality experience for everyone of our readers and forum participants, we have instituted some new further login security verification procedures that will remain in effect at least until this crisis has passed.  As Matt M. suggests above, we have implemented two-factor authentication.

How does this affect you?  As a reader of TheCameraForum.Com it doesn’t.  If you are a subscriber registered to post in the forums or add comments however, it will add an additional login step once your normal password entry is accepted.  Upon your login authentication by password, our new login process will require you to enter a special numeric “code” before your login is finalized.  This code is sent by either a text message to your cell phone, or it can actually call you on whatever phone you wish, where a recorded female voice will speak the correct login code for you to enter.  Please enter a phone number to text the code to or the number to call and hear a spoken recorded code.

Once successfully logged in, just set a new bookmark for a post-login location.  This bookmark used the next time you visit will insure you do not have to go through this process more than once every sixty days.