WordPress Under Attack

Posted on

  • email
  • twitter
  • facebook
  • share this

share this

Internet professionals using Wordpress have been under attack for the last few weeks but only now is it being widely reported.

Numerous security experts have issued warnings recently about the botnet, a brute-force password-guessing attack against sites that are powered by the popular blogging and content management system and the providers that host those sites.

What makes the broader attack so malicious is that infected sites are seeded with backdoors that let the attackers control the site remotely. The compromised sites are then forced to launch password-guessing attacks against other sites running Wordpress. Scary.

According to Web site security firm Incapsula, those behind the attack are scanning the Web for WordPress installations, and attempting to log in to the administrative console at these sites using a list of commonly-used username and password combinations.

Web hosting provider HostGator last week suggested that the problem has grown to include more than 90,000 compromised sites.

Cloudflare CEO Matthew Prince last week said in a blog post that the tactics employed in this attack were similar to those used in the so-called itsoknoproblembro/Brobot botnet which, in the Fall of 2012, was responsible for a series of cyber attacks against US financial institutions.

If you're a Wordpress user, make sure to change administrative passwords immediately and make sure those password meet the security requirements set forth on the Wordpress site (upper and lowercase letter, at least eight characters long, and includeing special characters.

Login To Comment

Become a Member

Not already a part of our community? Sign up to participate in the discussion. It's free and quick.

Sign Up


AlpineWAV 04-15-2013 3:54 PM

While most of us that manage WP accounts have been aware of this for a couple of weeks, it would have been a better article if you had provided a detailed account of the files that are being hacked/changed and steps to clean up the mess.  Just having a secure password is not enough to stop this particular attack as it is happening at the server and mySQL level en masse.

Tommy Landry 04-15-2013 5:21 PM

Agree with Alpine WAV - we are seeing varied behavior across our client site built on WordPress and are unsure where to start. We are already removing all unneeded themes, plugins, etc. and digging through the files to find anomalies. How can we best hone in on the right place?

ChrisK 04-15-2013 6:09 PM

Although embarrassing, one would think WordPress would weigh in on this with some form of acknowledgement or assistance.

Pete Prestipino 04-16-2013 5:34 AM

This was more of a notification to the community that the situation has been (and is still) happening. I've actually seen the attack first hand so will take the suggestion to write up how it (the hack) was mitigated in WM's Wordpress Wednesday column tomorrow - along with numerous other security suggestions for Wordpress usres/sites. And I agree ChrisK - Wordpress' silence is not encouraging.

StephenD 04-16-2013 3:08 PM

This has happened to me more than once lately. One of the tools I have started to use is a Brute Force plug in that slows down the log in attempts and tracks Ip addresses.

It's free and every WP site should have one installed.

AlpineWAV 04-16-2013 3:33 PM

You have better odds of winning the Powerball (1 in 175,000,000) than getting WP to weigh in on anything, especially how un-secure it really is.  Now more than ever, I am doing more WP sites than Joomla because it is the "buzzed" flavor of the day.  That being said, Joomla is far more secure than WP, but that's a topic for another day.

Here's some info I rely on for WP security...

WP Secure (http://www.wpsecure.net/) is an up-to-date website containing information about WordPress security vulnerabilities which maintains a list of all of the latest WordPress security vulnerabilities from themes and plugins from WordPress.org. As well as listing security exploits, WP Secure has tips on security, advanced security, a server guide and security plugins.

Better WP Security is a must have plugin for all WP sites - wordpress.org/.../better-wp-security It does so many great things to protect your website that you just need to go to the page to see.

BackWPup is good to have for creating backups if you dont already do this at the server level for files and db, just in case you get hacked.  Backups are free and not to time consuming so creating a backup after every update to your site is easier and less costly than if you get hacked and your backup is 30+ days old.

The other thing is making sure you stay on top of updates to WP, themes and plugins.  All that being said, if the attack is "sneakin' Sally through the alley" of your hosting servers back doors through other clients "unsecure" files and db's then the odds are still pretty good that you may still be affected in some way.  Stay diligent my friends!

DwainJ 04-16-2013 3:54 PM

I had one site hacked.. easy to spot in ftp as the add new directories..

This one had .php files named sql, youn, joom, and defaced.html, among other (including new folders). Also added a MaY_blog_DB.sql file.

It locked me out - so I went into the database and changed back user.. then ftp'd in and deleted the files..

All OK now..never fun.

Now all my wordpress have had admin user =name changed along with login security added.

Also, Rackspace has taken steps to add a double authentication now, so you get a prompt at login.. need to go to the url shown to get user pass to continue.. it is not yours.

Hope this helps.

Jeff G. 04-17-2013 5:55 AM

We have gotten hacked twice now because our clients used easy passwords. We recommend installing the Better WP Security plugin. Simply hitting the "Basic Security" button will help out tremendously. It is very advanced and allows you to change the database prefix, default admin user, default user id, and even makes changes directly in your .htaccess file to rewrite dashboard urls. It's pretty robust.

Add to the discussion!

999 E Touhy Ave
Des Plaines, IL 60018

Toll Free: 1.800.817.1518
International: 1.773.628.2779
Fax: 1.773.272.0920
Email: info@websitemagazine.com