Yesterday an industry-wide DDoS (Distributed Denial of Service) attack targeting WordPress blogs was launched; it takes the form of a flood of login attempts against wp-login.php. The attack is still under way and has affected many web hosting providers, including GreenGeeks.
There are a few things that you should do immediately to protect your blog from continued and future attacks:
1. Update Your WordPress Installation
Keeping your installation up to date not only adds WP features but also improves security: older code contains known, already-patched vulnerabilities, which are exactly what attackers look for. The same goes for your plugins and themes.
2. Use a Strong Passkey… NOT a Password
I say passkey rather than password because a password built from easily remembered words (place of birth followed by birthdate, say) is easy to guess, whereas a passkey is a random string that means nothing at all and takes far longer to crack.
A passkey that is impossible to remember is also hard to guess, because what makes it unmemorable is its randomness. The longer a passkey is, the longer it takes to crack, so more characters always make a better passkey. Use a completely random mix of upper- and lower-case letters, numbers, and other symbols, such as:
H6(o#d37$sIG~/5@hfj9"8H)&D8dhd+j=2.
Also, do not use "admin" as your username; it is the first name an attacker tries. Apply the same logic as with passkeys.
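As an added example (not from the original post), the following Python generates a passkey of that kind with the secrets module and puts numbers on the two claims above: the search space grows exponentially with length, and a "place of birth + birthdate" pattern is tiny by comparison. The guess rate and the size of the place-name list are assumptions chosen for the illustration.

```python
import math
import secrets
import string

# All printable ASCII except space: the "letters, numbers and other symbols"
# mix the post recommends (94 characters).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Assumptions for the comparison (not from the post): an attacker who can
# try 10 billion guesses per second, e.g. against a leaked password hash.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365 * 24 * 3600


def generate_passkey(length: int = 32, alphabet: str = ALPHABET) -> str:
    """Return a uniformly random passkey. secrets (not random) is the right
    module because it draws from the operating system's CSPRNG."""
    if length < 1:
        raise ValueError("length must be at least 1")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string of this length and alphabet."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length: int, alphabet_size: int,
                     guesses_per_second: float = GUESSES_PER_SECOND) -> float:
    """Worst-case years to try every string (the expected time is half that)."""
    return alphabet_size ** length / guesses_per_second / SECONDS_PER_YEAR


def pattern_bits(place_names: int, birthdates: int) -> float:
    """Entropy of a 'place of birth + birthdate' password, assuming the
    attacker knows the pattern and simply tries every combination."""
    return math.log2(place_names * birthdates)


if __name__ == "__main__":
    # Hypothetical numbers: 20,000 candidate place names and every date in
    # a 100-year span (about 36,500 days).
    print(f"place+birthdate: {pattern_bits(20_000, 36_500):.1f} bits")
    for n in (8, 12, 20, 35):
        print(f"{n:2d} random chars: {entropy_bits(n, len(ALPHABET)):6.1f} bits, "
              f"{years_to_exhaust(n, len(ALPHABET)):.3g} years to exhaust")
    print("example passkey:", generate_passkey(35))
```

Run it and compare the roughly 29 bits of the place-plus-birthdate pattern with the 229 bits of a 35-character random string; the first falls in well under a second at the assumed rate, the second never does.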
3. Block Access to the WP-Login.php Page
This can be done in one or both of two ways:
- AND/OR…
- (see the Note below) Add the following lines, if they are not already there, to the .htaccess file (in /home/username/public_html, reachable through cPanel's File Manager if you are hosted with GreenGeeks):
# Apache 2.2 directives (what cPanel hosts ran at the time). The Order matters:
# with Deny,Allow the Allow line overrides "Deny from all" for your own address.
# Writing Order Allow,Deny with "Deny from all" last would deny your IP as well.
# On Apache 2.4 the equivalent inside the block is: Require ip xxx.xxx.xxx.xxx
<FilesMatch "^wp-login\.php$">
  Order Deny,Allow
  Deny from all
  Allow from xxx.xxx.xxx.xxx
</FilesMatch>
Replace xxx.xxx.xxx.xxx with your computer's public (WAN) IP address. To find it, type "What's my IP Address?" into Google.
Note: The .htaccess solution is ideal for those with a static IP address. Check with your internet service provider (ISP) whether your IP address is static or dynamic. If it is dynamic, you will be locked out of WP-Admin as soon as your address changes (you can still edit the .htaccess file through cPanel's File Manager to fix it), and your old address will be handed to another of your ISP's customers, who then inherits your exemption. So treat this as a truly lock-tight option only if you have a static IP.
From SuddenLink’s Tech FAQ:
Dynamic IPs are renewed every time you restart your system. Usually this number is different every time since it’s pulled out of a pool of available Dynamic IPs from the Suddenlink Business system. Static IPs are assigned to our customers in select Internet packages. The customer’s Static IP is always the same, which is a necessity when you are running a web server, mail server or any piece of equipment that needs to have the same IP address every time you access it.
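The difference between the two possible Order directives is easy to get wrong, so here is a small Python model of Apache 2.2's access evaluation (an added example, not code from the original post or from Apache). It shows that Order Deny,Allow with "Deny from all" followed by "Allow from" your address admits only your address, while the seemingly equivalent Order Allow,Deny with "Allow from" your address followed by "Deny from all" denies everyone, your address included. The IP addresses come from the documentation ranges and are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class AccessRules:
    """The Order/Allow/Deny directives of one <FilesMatch> block (Apache 2.2)."""
    order: str                                   # "Allow,Deny" or "Deny,Allow"
    allow: list = field(default_factory=list)    # "all", an IP, or a CIDR block
    deny: list = field(default_factory=list)


def _matches(pattern: str, ip) -> bool:
    if pattern.lower() == "all":
        return True
    return ip in ipaddress.ip_network(pattern, strict=False)


def is_allowed(rules: AccessRules, client_ip: str) -> bool:
    """Apache 2.2 access decision for a single client address."""
    ip = ipaddress.ip_address(client_ip)
    allowed = any(_matches(p, ip) for p in rules.allow)
    denied = any(_matches(p, ip) for p in rules.deny)
    order = rules.order.replace(" ", "").lower()
    if order == "allow,deny":
        # Allow directives first, then Deny; a Deny match wins over an Allow
        # match, and anything matching neither is denied.
        return allowed and not denied
    if order == "deny,allow":
        # Deny directives first, then Allow; an Allow match wins over a Deny
        # match, and anything matching neither is allowed.
        return allowed or not denied
    raise ValueError(f"unsupported Order value: {rules.order!r}")


def render_htaccess(rules: AccessRules, filename: str = "wp-login.php") -> str:
    """Emit the block with the directives listed in evaluation order."""
    escaped = filename.replace(".", r"\.")
    lines = [f'<FilesMatch "^{escaped}$">', f"  Order {rules.order}"]
    for kind in rules.order.replace(" ", "").split(","):
        for p in getattr(rules, kind.lower()):
            lines.append(f"  {kind.capitalize()} from {p}")
    lines.append("</FilesMatch>")
    return "\n".join(lines)


# Hypothetical addresses from the TEST-NET documentation ranges.
MY_IP = "203.0.113.7"
STRANGER = "198.51.100.9"

# Looks right but locks everyone out: under Order Allow,Deny the trailing
# "Deny from all" also matches MY_IP, and a Deny match always wins.
LOCKOUT = AccessRules("Allow,Deny", allow=[MY_IP], deny=["all"])

# What you actually want: Deny is evaluated first, Allow overrides it for MY_IP.
CORRECT = AccessRules("Deny,Allow", deny=["all"], allow=[MY_IP])

if __name__ == "__main__":
    for name, rules in (("LOCKOUT", LOCKOUT), ("CORRECT", CORRECT)):
        print(f"{name}: me={is_allowed(rules, MY_IP)} "
              f"stranger={is_allowed(rules, STRANGER)}")
    print(render_htaccess(CORRECT))
```

If your ISP hands out addresses from one block, "Allow from" accepts a CIDR range such as 203.0.113.0/24 as well; that widens the hole to your neighbours, so it is a compromise, not a fix for a dynamic IP.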
4. Enable CloudFlare
CloudFlare has a specific ruleset that filters brute-force attacks on the wp-login.php / wp-admin pages. CloudFlare is free, improves the security of your websites, speeds up page loads, serves a cached copy of your site when your server is unreachable, and is already integrated into GreenGeeks: it is literally a one-click install if you are hosted there. Keep in mind that CloudFlare only filters traffic that passes through it; if your server's real IP address is exposed, attackers can still hit wp-login.php directly, so the .htaccess rule above is still worth having.
Update (5-10-13): I found a potential problem with having CloudFlare enabled. While I was creating a new WordPress blog (Hedonic), changes I made to the style.css file showed up so slowly that I wasn't sure what the problem was. Soon after I deactivated CloudFlare, updates took immediate effect as I am used to. So, if you are making changes to your blog, make sure CloudFlare is inactive while doing so.
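To see what a brute-force attack on wp-login.php looks like in your own logs, and why a per-IP filter alone is not enough against a distributed one, here is an added Python example (not CloudFlare's ruleset and not code from the original post) that scans Apache combined-format access log lines for failed login POSTs. It relies on one WordPress behaviour: a failed login re-renders the form with HTTP 200, while a successful login redirects with 302. The sample log lines, IP addresses and thresholds are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Apache "combined" log lines (not real traffic). 203.0.113.7
# fails three times in five seconds; three 192.0.2.x hosts fail once each;
# 198.51.100.9 logs in successfully (302) and then browses normally.
SAMPLE_LOG = """\
203.0.113.7 - - [13/Apr/2013:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 1230 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Apr/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 2340 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Apr/2013:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 2340 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Apr/2013:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 2340 "-" "Mozilla/5.0"
198.51.100.9 - - [13/Apr/2013:10:00:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.33 - - [13/Apr/2013:10:00:15 +0000] "POST /wp-login.php HTTP/1.1" 200 2340 "-" "Mozilla/5.0"
192.0.2.34 - - [13/Apr/2013:10:00:16 +0000] "POST /wp-login.php HTTP/1.1" 200 2340 "-" "Mozilla/5.0"
192.0.2.35 - - [13/Apr/2013:10:00:17 +0000] "POST /wp-login.php HTTP/1.1" 200 2340 "-" "Mozilla/5.0"
198.51.100.9 - - [13/Apr/2013:10:00:20 +0000] "GET /wp-admin/ HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_line(line: str):
    """Return the fields we need from one combined-format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],
        "status": int(m["status"]),
    }


def failed_logins(lines):
    """(ip, timestamp) for every failed login, oldest first. WordPress answers
    a wrong password by re-rendering the form with 200 and a correct one with
    a 302 redirect, so a 200 on POST /wp-login.php is a failure."""
    events = []
    for line in lines:
        rec = parse_line(line)
        if (rec and rec["method"] == "POST"
                and rec["path"].endswith("/wp-login.php") and rec["status"] == 200):
            events.append((rec["ip"], rec["ts"]))
    return sorted(events, key=lambda e: e[1])


def max_in_window(timestamps, window: timedelta) -> int:
    """Largest number of (sorted) timestamps inside any sliding window."""
    best, start = 0, 0
    for end, ts in enumerate(timestamps):
        while ts - timestamps[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def flag_ips(lines, threshold: int = 3, window: timedelta = timedelta(seconds=60)):
    """IPs with at least `threshold` failed logins inside one `window`."""
    per_ip = defaultdict(list)
    for ip, ts in failed_logins(lines):
        per_ip[ip].append(ts)
    return {ip for ip, stamps in per_ip.items()
            if max_in_window(stamps, window) >= threshold}


def sitewide_peak(lines, window: timedelta = timedelta(seconds=60)) -> int:
    """Peak failed logins per window across all IPs: this is what still fires
    when a distributed attack spreads its attempts across many hosts."""
    return max_in_window([ts for _, ts in failed_logins(lines)], window)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("per-IP offenders:", flag_ips(lines))
    print("site-wide peak failures per minute:", sitewide_peak(lines))
```

On the sample, only 203.0.113.7 crosses the per-IP threshold, yet the site-wide counter sees six failures in one minute because the three 192.0.2.x hosts each contribute one. Watch both numbers: the first tells you whom to block, the second tells you that you are under attack even when no single address stands out.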
GreenGeeks has servers optimized specifically for WordPress and awesome customer service. Another reason Ecoculture Village loves GreenGeeks is that it is powered by 300% wind energy, making our websites' carbon footprint negative!
Can you tell I really like GreenGeeks?