Resource Wordpress is experiencing brute force attacks - change passwords now

[Michelle Mangen]

This blog is from Hostgator but the brute force attacks are NOT just happening to them.

They suggest changing passwords immediately (and to very secure ones).

Read more here.

 

[JustAThought]

Re: Wordpress is having brute force attacks - change passwords now

I changed it, thanks for the heads up.

 

[JoCarole]

Re: Wordpress is having brute force attacks - change passwords now

Thanks Michelle, I actually get the HG blog but didn't get to read it yet so your timing was great!

 

[Michelle Mangen]

Re: Wordpress is having brute force attacks - change passwords now

Michele & JoCarol - absolutely Figure it's better to see it multiple places than to not see it at all. Since I saw it so late in the day on Friday I went ahead and changed a few client passwords and emailed them the article. Better safe than sorry. I suspect one client's was hacked earlier in the week because I wasn't able to log into his dashboard to do some posts.

 

[sarahdavey]

Re: Wordpress is having brute force attacks - change passwords now

Thanks for sharing this! Like you said, better safe than sorry!

 

[lisa4jvs]

Re: Wordpress is having brute force attacks - change passwords now

Thanks Michele!

My administrator changed my passwords a day or so after finding out about the attacks. I did have a flip side of this that was funny to me. Passwords he could change, but it took over 8 months to get the contact form on my site repaired! :shocked:

 

[lavonjs]

Re: Wordpress is having brute force attacks - change passwords now

Thanks for sharing Michelle!
I use Hostgator, and get emails almost daily (numerous ones) of hosts being locked out of my site.
I had a secure password on there, but then noticed a few things were different so I changed my password.
It was amazing how many more lockout notifications I received after I changed it!
It's so frustrating!

Thanks again for sharing the blog article on it. And in a way, glad to hear I'm not the only one experiencing this issue.
Even though it stinks that any of us are

 

[chelseywash]

Re: Wordpress is having brute force attacks - change passwords now

How did you find out about this? I have a WordPress site and haven't heard anything.

 

[Michelle Mangen]

Re: Wordpress is having brute force attacks - change passwords now

Lisa, at least he responded to the "urgent" issue but not so good that it's taking so long to get your contact form done. Is it that hard???

Lavon, how frustrating that must be. Has it all settled down now?

Chelsey, I found out from Hostgator's blog post (the one in the main thread posting but here again) I initially saw the post on Facebook.

 

[chelseywash]

Re: Wordpress is having brute force attacks - change passwords now

Thank you for the follow up. Good to know. I"m not quite sure why people have to do things like this.

 

[lavonjs]

Re: Wordpress is having brute force attacks - change passwords now

Michelle-
It has settled down, thank goodness! I haven't gotten any emails about a site lockout since the day after I changed my password.
But of course, I'm constantly checking it for anything out of the ordinary.

 

[Michelle Mangen]

Re: Wordpress is having brute force attacks - change passwords now

That's great news, Lavon! I should Google it to see if anyone has posted any updates to the situation. Hopefully it's not as dire as what they were thinking - though based on some other articles I was reading it was pretty scary for the hosting companies because of the assumption they are hacking WP sites to gain access to servers.

 

[ChristinaVOS]

Re: Wordpress is having brute force attacks - change passwords now

One of my completed, but inactive, sites was womped and the hack removed all content, all images and all users. Had to go into my database files through my host to get back in. Luckily it was an inactive site and I was going to change all copy once I got back to it anyway but what a pain for anyone whose active site got hit.

I already had login limits in place, regular backups done and strong passwords used on all my and my clients sites(except for that one) so that was my only casualty.

Some helpful hints:
~NEVER keep "admin" as a user
~Super strong passwords- one of mine is the first two lines of my fav song with the first & middle name of a distant relative with a couple odd characters thrown in. It's long and complicated
~I use Better WP Security plugin on all sites- make sure to set up auto-backups to be emailed to you and limit login attempts

Stay safe!

~C

 

[Michelle Mangen]

Christina,

That is unfortunate but "luckily" not a live site.

Does the Better WP Security plugin limit "overall" login attempts or certain # from an IP address?

I use http://passwordsgenerator.net/ for my password and went with the max of 50 characters for my new login. No, I'll never remember it but I have it locked up safe and sound in my Passpack account.

 

[ChristinaVOS]

Yes it locks overall login attemtps which you can set the parameters. Then you have the option if an ip is locked out x amount of times- the ip can be blacklisted forever.

I like the option of being able to remember my passwords because sometimes I need to login to something on a diff device for whatever reason and I wouldn't be able to if I had no clue I have 3 different passwords that are all totally different but then I can use variations of each for sites so no two sites have same exact password.

~C

 

[Michelle Mangen]

Yeah, that wouldn't work so well if you couldn't remember them at all. I had that happen to me with my two-step Google authentication when I bought my new phone. I couldn't finish set up at the store.

 

[fab23]

Use this site to generate good passwords http://www.freepasswordsgenerator.com/