There is a massive distributed brute force attack campaign targeting WordPress sites which started today 7pm Pacific Time. This attack uses a large number of attacking IPs, and it is so bad that each IP is generating a huge number of attacks.
NB: This attack is the most aggressive campaign ever seen till date. with over 14 million attacks per hour. A total of 10000 IPs involved and over 190,000 WordPress sites targeted per hour.
Solution:
1. All our customs using wordpress should install wordfence plugin immediately. Premium version of Wordfence will be excellent. this provides a real-time IP blacklist to completely block attackers and provides excellent brute force protection by limiting login attempts and hiding usernames
2. Ensure that you have strong passwords on all user accounts, especially admin.
3. Change your admin username from the default ‘admin’ to something harder to guess.
4. Delete any unused accounts, especially admin accounts that you don’t use. This reduces your attack surface
5. Enable two-factor authentication on all admin accounts.
6. Enable an IP blacklist to block IPs that are engaged in this attack.
Kindly report any thing you don't understand to our support and security admin on calls, chat and tickets system.
Thank you for been our customer.
Sunday, February 4, 2018
Powered by WHMCompleteSolution
