Does your website use WordPress? Is the software & security up to date?
WordPress brute force attacks began in April 2013. Thousands of malicious bots would automatically attempt to guess the login details for WordPress admin dashboards. The volume and frequency of the requests inundated many websites and caused major problems for many leading web hosting providers. Spiral Hosting led the way in implementing security procedures to help prevent these attacks. There’s more information at http://www.siliconrepublic.com/enterprise/item/32269-major-brute-force-attack-ag
One year later, unfortunately, we’re seeing a resurgence in these brute force attacks as hackers/exploiters attempt new brute force methods. Help prevent attacks on your website and help keep our web servers running smoothly for all customers. We strongly recommend you follow these security instructions:
1) Make sure the admin dashboard has a very secure password. For example, “secret1” is a bad, insecure password and “Z#hups$M4!Z” is a good, secure password.
2) Make sure your WordPress core is up-to-date (always use the latest version, without any exception)
3) Make sure your WordPress plugins are up-to-date (always use the latest plugins, without any exception)
4) Make sure your WordPress theme is up-to-date (and importantly, remove any old inactive themes from the /wp-content/themes/ directory because old theme files are part of a new hack/exploit)
5) Install the iThemes Security plugin (formerly called Better WP Security). Here’s how to install it:
(a) In your WordPress admin dashboard, go to the Plugins page, click the ‘Add New’ button, then search for “iThemes Security” and click ‘Install Now’.
(b) Click on ‘Activate Plugin’ and you’ll see a message “iThemes Security is almost ready.” Click on ‘Secure Your Site Now’.
(c) You’ll be given a list of options. The 1st option is to schedule automated backups; you don’t need to do this because we already keep 14 days of backups for every website hosted with us. Proceed to the 2nd and 3rd options – ‘Allow File Updates’ and ‘One-Click Secure’. Enable both the 2nd and 3rd options and this will activate basic security measures for your WordPress website.
(d) Click the ‘X’ button and it will bring you to the iThemes Security dashboard with a list of more security measures. You should consider implementing the High & Medium security recommendations, in particular the ‘Hide Login’ functionality. There is more information on all the options available with this plugin at https://wordpress.org/plugins/better-wp-security/