Protect Yourself

Posted On: 2014-05-08

Well this has been an interesting week.

If you missed my column over on Porn Resource earlier this week you missed the news that a number of WordPress sites on one of our servers were under what the guys who run the server called "a massive" brute force attack.

This attack wasn't aimed at slowing down the server or preventing sites from loading. This attack was aimed at breaking into the backends of the sites being attacked so that whoever was running the attack could play around with what he or she found.

Actually I wasn't all that surprised when one of our techs contacted me to let me know what was happening because, like so many other WordPress sites around the planet, just about all of the WordPress sites we have or host have been under a fairly low-level attack for many months.

None of those low-level attacks worked because we've got everything locked down quite tightly, so I thought it would be only a matter of time before we really annoyed someone and they unleashed some serious firepower on us ... and this week just happened to be the week.

Even without intervention from the guys on the server the attack was going nowhere, but the sheer size of it was causing other problems. So the guys on the server put a block in front of domainname.com/wp-admin so that no one was even getting to that page, and the attack eventually seemed to fade away.

Of course we sent out an email to all our clients to let them know what was happening and some of the responses were interesting. One client decided that because her site was among those under attack, the trojans she had picked up recently on her computer must have come from us.

I guess some people just don't read everything in important emails and some people are just asking to be invited to take their business somewhere else.

Another client decided that the email was too long and there were no pictures so she wouldn't bother reading it at all. Yes ... you guessed it ... she is blonde. I didn't have the heart to tell her that her site is so boring that no one has ever tried to break into it.

But now that the attack has faded away my partner and I are doing a little mental review of how the sites stood up to the attack and we've decided to increase the security on the WordPress sites we own or host.

Nearly all of those sites had the Wordfence plugin installed and we're very happy with the way it worked. We also have a captcha plugin installed for the login page and that is definitely staying too ... but there's more we could do.

In the past we've played around with the Better Security plugin on a couple of sites and I like the way it gives you the option of changing the URL for the wp-admin login page to something quite different. The brute force attack we just dealt with was aimed at that particular page, so Better Security might be the way to go. If they can't find the right URL they can't break in.

Unfortunately installing the Better Security plugin takes some time ... it's not just "activate and you're done" ... but I have a feeling that it will definitely be worth it because I'm sure that we will see more of these attacks. Spending a little time now to avoid spending a lot of time cleaning up a mess seems like good sense to me.

In the middle of the attack ... while we could do little more than sit around and wait for it to stop ... I found another plugin that may be worth looking at too. Security-protection is a plugin designed specifically to stop brute force attacks.

Does it really work? Well all five people who voted for it seem to absolutely love it but I wouldn't be swept away by just five votes. Instead I'm going to send it off to two of our coders so they can play with it and give me their opinion.

So what security measures have you got in place to protect your WordPress sites? You know that if you're doing porn with WordPress then you are going to be seen as a really juicy target by hackers who want to build their botnets.

So what are you doing to protect yourself and your surfers? While WordPress must be to hackers what a blood bank is to Dracula, there is no shortage of free and effective plugins to keep the hackers out, so do the sensible thing and protect yourself.