Over the past several days, I’ve seen a great many news articles about a bot-based brute-force attack on WordPress (and Joomla) websites, in which the bot works through common password choices while attempting to log in with the username “admin.” Mind you, we are talking about hundreds, perhaps thousands, of these common passwords, coming from tens of thousands of compromised servers. The goal is to gain access to the server and then use the administrator interface to add other files and code changes that compromise the website completely. You really need some WordPress security.
Having already written about other recent increases in hacking activity, I am bothered that yet again these content management systems are being hit with what amounts to wasted talent; hackers show intelligence and problem-solving skills, so why not put them to use in a way that doesn’t harm others? Thankfully, the open source community is quick to respond and build the tools needed to protect websites from such harmful efforts.
Better WP Security from Bit51.com is an excellent add-on to your WordPress website. It was written long before this current wave of brute-force attacks, and is something I would recommend all WordPress websites use from day one. It relies on both .htaccess changes for blocking known bots and other file changes that remove vulnerabilities, either outright or through obfuscation.
Here is a list of some of the things this tool does:
- Enforces stricter passwords for users at any level you determine.
- Removes the backend file editor.
- Scans the site for recently changed files and emails you a report if such changes are found.
- Blocks repeated login attempts.
- Blocks SQL injection attempts.
- Makes backups of your database and mails them to you at regular intervals.
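To show what “blocks repeated login attempts” has to catch in practice, here is an added example (not code from the plugin or from this post) that scans Apache access-log lines for POSTs to wp-login.php. It flags both the single-host pattern a lockout plugin handles and the many-addresses pattern the attack described above uses; the log lines, thresholds and addresses are constructed for the example.

```python
import re
from datetime import datetime, timedelta

# Apache combined-log line: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_login_posts(lines):
    """Yield (timestamp, ip) for every POST to wp-login.php; other requests are ignored."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") != "POST" or not m.group("path").startswith("/wp-login.php"):
            continue
        yield datetime.strptime(m.group("ts"), TS_FMT), m.group("ip")

def window_exceeds(events, window, limit, measure):
    """events: sorted (timestamp, ip). True if measure() of some sliding window exceeds limit."""
    start = 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        if measure(events[start:end + 1]) > limit:
            return True
    return False

def find_bruteforce(lines, per_ip_limit=5, distinct_ip_limit=20, window=timedelta(minutes=5)):
    """Return (offending_ips, distributed_alert): IPs with too many login POSTs in one
    window, and whether too many distinct IPs hit the login page in one window
    (the botnet pattern that per-IP lockouts alone do not catch)."""
    hits = sorted(parse_login_posts(lines))
    offending = {ip for ip in {h[1] for h in hits}
                 if window_exceeds([h for h in hits if h[1] == ip], window, per_ip_limit, len)}
    distributed = window_exceeds(hits, window, distinct_ip_limit,
                                 lambda w: len({ip for _, ip in w}))
    return offending, distributed

# Constructed sample log (TEST-NET addresses): one host hammering the login page,
# then single attempts from 25 different addresses, then an unrelated GET.
SAMPLE_LOG = [
    f'203.0.113.7 - - [16/Apr/2013:10:00:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3900'
    for s in range(8)
] + [
    f'198.51.100.{n} - - [16/Apr/2013:10:01:{n:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3900'
    for n in range(1, 26)
] + ['192.0.2.9 - - [16/Apr/2013:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 12000']

if __name__ == "__main__":
    ips, distributed = find_bruteforce(SAMPLE_LOG)
    print("lock out:", sorted(ips))          # lock out: ['203.0.113.7']
    print("distributed attack:", distributed)  # distributed attack: True
```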
This is open source work at its finest. It is free to use, but the developer does provide a means of paying him for his work — which I’d highly recommend doing, as this tool is really quite well constructed and extremely valuable.