WordPress / Site Hell, Hopefully Getting Better
All of my websites have been a mess this weekend as there has a been a worldwide brute force attack occurring for several days on WordPress admin accounts. I avoid most of the common mistakes (using the default user name, simple passwords, etc) so I don't think anyone has breached a site but the constant calls of the login function acts effectively like a DDOS attack, flattening my server.
I have put in place some extra code to detect brute force attacks and temporarily and even permanently ban IP's. Since attackers don't just sit in a single IP in Russia any more but use shifting and spoofed IP's, you may at some point find yourself locked out. Email me if that happens.
CTD:
Coyote, get WordFence: https://wordpress.org/plugins/wordfence/
It has a lot of awesome security features to prevent/mitigate just this kind of attack.
Get your site on CloudFlare: https://www.cloudflare.com
They block a TON of nastiness at the DNS level, so it never touches your server.
October 22, 2014, 9:10 am