I too received a couple of emails from 2 different hosting providers I use, one of which is Lunarpages, informing me of a recent onslaught of hacking attempts focused on WordPress websites all over the world, and how to secure WordPress better. This is nothing new, as these hacking attempts happen year round, but there seems to be a surge these days and it is centered on WP sites.
If you use WordPress, chances are you have an email in your inbox telling you about this ongoing attack.
Anyway, they all advised everyone to be vigilant and not to take security for granted. If you’ve been hacked before, you’ll know what I mean.
Yes, I once ignored this kind of advice, resting on the innocent thought that no one would have any reason to hack my site, and that only the big sites are actively attacked. No way, Jose. We aren't dealing with little insecure would-be hackers here. What's making all these attacks are bots: software that automates all the hacking actions and attempts. Thus they can work 24/7, with no rest at all. And more importantly, they don't differentiate between big websites and small, insignificant one-page sites. They devour everything in their path like a hungry lion that's been genetically engineered to behave both like a lion and a hyena.
Lunarpages did not specify how they handled the attacks, but FatCow revealed that they choked traffic to the login pages. The attack was temporarily stymied. The downside, however, is that legitimate WordPress owners' IPs may have been blocked as well from accessing their dashboards, at least during the first 3 days starting Thursday.
What we can do
While hosting providers levelled up their security fences, we as webmasters are left with the responsibility of setting up the first line of defense.
- We are advised to change our passwords every 90 days. And not just any password. We should use strong passwords that are not among the passwords being fed to hacking bots in their nefarious attempts.
- Password protect your login page. This effectively adds an extra layer of protection for your websites against these hacking bots.
This method can be done manually or through a wizard (if it's available in your cPanel).
Manually, you can follow the steps outlined on this page.
- Install WordPress security plugins.
Additionally, if you haven't installed them yet, install two very essential security plugins for your WordPress site, as discussed in this post.
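To see whether the bots described above are hitting your own login page, and whether password protecting it is stopping them, you can count POST requests to wp-login.php per IP in your access log. The script below is an added example, not part of the original post; it assumes the Apache "combined" log format, a threshold chosen for illustration, and the usual meaning of each status code noted in the comments, and its sample log lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Apache "combined" format; IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3561 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3561 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3561 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3561 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2024:10:05:01 +0000] "POST /wp-login.php HTTP/1.1" 401 381 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2024:10:05:02 +0000] "POST /wp-login.php HTTP/1.1" 401 381 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2024:10:05:03 +0000] "POST /wp-login.php HTTP/1.1" 401 381 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2024:10:09:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2024:10:09:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3561 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2024:10:09:25 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
this line is truncated and must be skipped
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Assumed meaning of each status for a POST to wp-login.php:
LABELS = {"200": "reached_wp",       # form shown again: the guess reached WordPress and failed
          "302": "login_redirect",   # redirect that follows a successful login
          "401": "blocked_by_auth"}  # stopped by the password layer in front of the page

def summarize_login_posts(log_text, threshold=3):
    """Count POSTs to wp-login.php per client IP and flag repeated failures."""
    per_ip = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        ip, method, path, status = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            per_ip[ip][LABELS.get(status, "other")] += 1
    report = {}
    for ip, counts in per_ip.items():
        # Failed attempts: guesses WordPress rejected plus requests the auth layer refused.
        failed = counts["reached_wp"] + counts["blocked_by_auth"]
        report[ip] = {"counts": dict(counts), "suspect": failed >= threshold}
    return report

if __name__ == "__main__":
    for ip, row in summarize_login_posts(SAMPLE_LOG).items():
        print(ip, row)
```

An IP with many `reached_wp` hits is guessing passwords directly against WordPress; once the login page is password protected, the same bots should show up as `blocked_by_auth` instead.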