Wordpress websites across the world being targeted

[unclex]

"Wordpress administrator area access disabled temporarily due to widespread brute force attacks"

This is the message you will get if you try to login via wp-admin.php

You need to change the .htaccess file located in your wordpress directory root.

Put your own IP in x.x.x.x


<Files ~ "^wp-login.php"> Order deny,allow Deny from all Allow from x.x.x.x </Files>

[Rick Sanchez]

Is this a security hole in the latest version?

[unclex]

No it is a brute force attack - I am currently looking at the log on my server as I run a number of WP sites - looking like China

Install limit login attempts plugin

[theodotcom]

All of my sites on my server are running fine and I can log in without issues. is it specific countries of servers? can't find much about this online

[Mobileman]

im running AES level password is it worth installing the plugin Unclex ?

[theodotcom]

mobileman are you able to login to yours normally?

[unclex]

Servers based in the US

[unclex]

Working on them right now and getting hit

[theodotcom]

ahh ok, my server is based in UK, maybe thats why, hopefully they're ok, cannot be bothered to start going through a load of sites.

[unclex]

They have not broken in - they are trying hahaha

[unclex]

Ukraine, USA and other IP addresses

[unclex]

http://krebsonsecurity.com/2013/04/b...dpress-botnet/

All finished fo me - just have a massive list of IPs and failed login attempts

Next

[DJ OD]

Simple but effective hack method, but why word press sites? Just to annoy ppl?!

These days, hacks usually have a reason. Often fluffy politics.


DJ OD

[unclex]

It has all started again - can not login