Brute Force Password Attack!

There is currently a massive attack on WordPress sites going on all around the world. Nearly one hundred thousand different servers, most of them hijacked, are running a script that methodically works through possibilities for usernames and passwords in order to gain access to administration accounts on WordPress sites. Because of the number of servers engaged in this "brute force attack" process, many sites are being hijacked. There are things you can do to help protect yourself.
 
Here's what you should do, and though nothing is 100% certain, there are a few basic precautions that will help to keep your WordPress site safe from these brute force attacks:
 
* Be sure your password is 8 characters or more and a mix of letters, numbers, symbols.
* Install the Limit Login Attempts plugin available free from the WordPress plugin repository.
* DO NOT have an active administrator account with the default username "admin".
* Be sure you have current backups for your wp-content directory tree and all databases.
* If you should need to restore from a backup be sure to change your password immediately.
 
If you need help with any of this feel free to contact me. I will answer any questions sent by email (thewiz@ourhutch.com) without charge, and I can be hired to actually do the three items listed above on your site if you wish.

Leave a Reply

Your email address will not be published. Required fields are marked *