Secure Against Attack on WordPress and other CMS Sites Now!
“At present there is a distributed global ‘botnet’ attack on WordPress and other CMS (content management system) websites at every known website host. Bots attempt to hack the admin accounts and inject malicious scripts to the site code.”*
*Source – ADMAX.tv
As of today these attacks are happening at a global level. WordPress installations across the globe are being targeted. Because the attack on WordPress is highly distributed, most of the IP’s used are spoofed, it is very difficult to block all malicious data, but not impossible. This is why servers from many hosting providers have gone down in recent days, including big names like Godaddy and Network Solutions.
If you manage or own a website on a content management system (CMS) you know that invalid login attempts are an everyday occurrence. We see literally thousands of invalid login attempts from dozens of different IP numbers in the course of any given day. This is considered normal. However hosting providers worldwide are reporting they are seeing a systematic, well organized attack. The attacks on content management systems are well above average and often times at catastrophic levels.
HostGator’s analysis found that this attack on WordPress, vBulletin and other CMS sites is well organized. CloudFlare reported the hackers are using about 100,000 bots. Quoted at Techcrunch, Matthew Prince, CloudFlare’s founder and CEO, says that his company saw attacks on virtually every CMS site on its network.
The websites that have been hacked had the “admin” accounts compromised and malicious scripts were uploaded into the directories.
This attack on WordPress started on or about April 8th, but the hackers became extremely aggressive overnight on April 12th. They have already shut down 10′s of thousands of servers running WordPress. They have also affected the performance of many other servers. The attack started with WordPress installations, according to Sophos EndUser Protection (a major player in the web security industry), Joomla and Drupal website are now also getting hit.
The attack on WordPress began with a botnet made up of at least 90,000 hacked home based computers. This is not a “brute force” attack like we see every day. This onslaught is using what is known as a “dictionary” attack. This is where the hacker uses a list of the most likely usernames and possible passwords and tries those in very quick succession. Even when the attack fails, the load the attacks on multiple websites puts on a server can cause it to crash.
The early indications are that hackers are installing malicious scripts in the content management systems that have been compromised. These malicious scripts turns the infected website into an attacker to hack other websites. This is the reason this attack is going viral. According to Matthew Prince, the chief executive of web hosting company CloudFlare, these hackers are causing much more damage because the infected servers have large network connections and are capable of generating significant amounts of traffic for the attackers.
If you have not already done so, we strongly recommend you take the following steps to protect your wordpress installation:
Make sure your WordPress installation and all of your installed plugins are updated
Make sure your administrator’s password is secure
If you have a user account with the username “admin”, create a new administrator account with a different username and remove that old “admin” account
Install the security plugin WP Better Security
Other ways of securing a WordPress website can be found at WordPress.org.
These additional steps can be taken to further secure WordPress websites:
Remove README and license files.
Prevent reading of the htaccess file
Limit access to wp-admin.php and wp-login.php to your IP address
Move wp-config.php up one directory and change its permission to 400
We will continue to monitor this attack and post updates as more information becomes available.
D. Marcus Keith is a partner in ADMAX, a local and national; “Internet Marketing Optimization” agency that has been performing SEO-related services for Cloud9 Real Time since 2009.