How to help reduce the impact of the global WordPress attack
 

Further steps to combat the world-wide brute force attempts against WordPress

Posted on 13 Apr 2013 by Valentin P

As you may already be aware, the brute force attack on WordPress, one of the most popular CMSs worldwide, is still in progress and has reached a worldwide scale. The consequences of this attack are seen not only by our company but by basically any company that provides hosting for WordPress sites. As a rule, we are able to address or filter similar attacks without much trouble, but the current situation is different in scale and in the level of resources invested into it.

At the moment, we have taken a large number of measures to mitigate the results of this attack, but the situation is worsened by several facts:

1) first of all, the attack is launched from spoofed IP addresses, and blocking these IPs doesn’t have any long-term effect;
2) the attack’s algorithm is extremely sophisticated and is constantly evolving: countermeasures that were working an hour ago lose effect with each new change in the attack’s pattern;
3) the number of compromised websites grows each day (mainly websites with weak or default passwords and login credentials); malicious scripts are uploaded to these sites, and these scripts cause heightened network activity and system resource consumption, which affects the function and speed of all services on a hosting server.

We are constantly monitoring the current situation and implementing the necessary countermeasures to proactively deny the attackers the opportunity to compromise the WordPress installations located on our servers, but we’d like to ask for your help in mitigating this difficult situation.

What you can do:

No in-depth technical knowledge is necessary for this. Below, you can find a directive that increases your WordPress websites’ security and lowers the overall load on the hosting server caused by the brute-force attack on WordPress installations. It does so by blocking third-party access to your WordPress dashboard login interface entirely and allowing access to this interface only from your IP address and the IPs of your users. This is a useful security measure not only during the current brute-force attack but at any time, since it makes compromising your WordPress site’s admin area much more difficult. We’d like to point out that the directive listed below limits access only to the dashboard login interface of a WordPress website, and not to the website as a whole or any of its other components.

All that must be done is to add the following rule to the beginning of the “.htaccess” file, which is located in the directory with your WordPress site:

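# Allow access to the WordPress login page from the listed IP only
<Files wp-login.php>
Order Deny,Allow
Deny from all
# Replace with your own IP; add one "Allow from" line per additional address
Allow from xxx.xxx.xxx.xxx
</Files>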

“xxx.xxx.xxx.xxx” is your IP address, which you can find by simply visiting this website. Please enter the IP you see there in place of xxx.xxx.xxx.xxx.
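One way to apply the rule above without hand-editing, as an added example that is not part of the original post: the script prepends the block to an .htaccess file once, keeps a backup, and refuses anything that is not a valid IPv4 address (including the unreplaced xxx placeholder). The function names, the marker comment and the sample address are this example's own assumptions, and it assumes the server accepts the Order/Deny/Allow syntax shown in the post.

```sh
#!/bin/sh
# Added example, not from the original post. Function names and MARKER
# are this example's own; IPv4 only. 203.0.113.10 is a constructed sample.
# Usage: add_login_filter /path/to/.htaccess 203.0.113.10 [more IPs...]

MARKER='# wp-login.php IP filter'

# Succeeds only for a dotted-quad IPv4 address with octets in 0-255,
# so the "xxx.xxx.xxx.xxx" placeholder is rejected.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prepend the rule from the post to FILE, one Allow line per IP.
add_login_filter() {
    [ $# -ge 2 ] || { echo "usage: add_login_filter FILE IP [IP...]" >&2; return 2; }
    file=$1; shift
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 2; }
    done
    # Idempotent: leave the file alone if the block is already there.
    if [ -f "$file" ] && grep -qF -- "$MARKER" "$file"; then return 0; fi
    tmp=$(mktemp) || return 1
    {
        echo "$MARKER"
        echo '<Files wp-login.php>'
        echo 'Order Deny,Allow'
        echo 'Deny from all'
        for ip in "$@"; do echo "Allow from $ip"; done
        echo '</Files>'
        echo
        if [ -f "$file" ]; then cat "$file"; fi
    } > "$tmp"
    # Keep a backup, then write in place so owner and mode are unchanged.
    if [ -f "$file" ]; then cp -p "$file" "$file.bak"; fi
    cat "$tmp" > "$file"
    rm -f "$tmp"
}
```

If your own IP address changes, the login page will return a 403 until the Allow line is updated; the previous file is kept next to the original as .htaccess.bak.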

We also strongly urge you to set a difficult-to-guess password for any admin users you may have, and update all components of your blog, including the WordPress engine itself, and all installed plugins, in a timely manner.

You can also find useful information on securing your WordPress website at the official WordPress site.

As always, we are here for you:

If you encounter any difficulties in implementing the measure suggested above, please simply contact our support team via our helpdesk, and we would be glad to assist you in making the necessary changes.
