WordPress Sites Exploited Through Brute Force: 3 Simple Ways to Protect Yourself from the Attack

6
109

During the past week we noticed an abnormal increase of brute force attacks targeting WordPress applications.

The attacks use automated scripts that attempt to login to WordPress default admin page using common usernames and passwords.

The brute force attacks originate from a large number of sources consisting of both legitimate web servers and private home computers. Several reports have been published which have positively identified almost 90,000 attacking sources.

Once a username and password is successfully guessed by the attacking script, it uses the gained admin credentials to upload a malicious script to the compromised server.

While many of the brute force attempts were unsuccessful in guessing the admin credentials, the high volume of the attacks has caused excessive resource utilization to the servers hosting the WordPress applications, resulting in unresponsiveness to legitimate users for the duration of the attack.

Mitigation Recommendation

In order to mitigate the attack, WordPress servers are encouraged to use the following preventive measures:

Our ERT team confirmed 2 additional protection methods that may effectively mitigate the attacks. Since the attacks use common wordlists to perform the brute force, one method is to use JavaScript Web Challenges. This method has been proven to be successful in dropping the automated brute force tools while allowing legitimate JavaScript compliant clients to access the site. (Note that it is important to verify that legitimate clients support JavaScript in order to prevent false positives).

The second is to use an abnormal applicative behavior detection appliance that secures Web applications. This can block these brute force attacks by detecting multiple unsuccessful login attempts to the WordPress login page originating from the same source in a short time period. The malicious sources can then be suspended or blocked for configurable timeframes.

Additionally, in scenarios where shared IP`s are used (i.e proxy servers), a Throttling policy can also be applied in order to allow legitimate users to access the login page while effectively blocking malicious requests originating from that same IP address.

6 COMMENTS

  1. These days of austerity along with relative stress about having debt, many people balk contrary to the idea of making use of a credit card to make purchase of merchandise as well as pay for a vacation, preferring, instead just to rely on the actual tried as well as trusted means of making repayment – hard cash. However, if you possess cash on hand to make the purchase in full, then, paradoxically, that’s the best time to be able to use the credit cards for several good reasons.

  2. I’ve learned many important things through your post. I will also like to state that there may be situation that you will make application for a loan and never need a co-signer such as a Fed Student Aid Loan. However, if you are getting a loan through a classic bank then you need to be prepared to have a co-signer ready to assist you. The lenders may base any decision using a few components but the largest will be your credit history. There are some lenders that will as well look at your job history and determine based on that but in almost all cases it will hinge on your report.

LEAVE A REPLY

Please enter your comment!
Please enter your name here