Security Alert
Aggressive WP Brute Force Attack Campaign
Our friends at Defiant posted this important notice about the largest brute force attack in history happening today. They suggest the following steps if you have a WordPress site:
– Install a firewall like Wordfence that intelligently blocks brute force attacks.
– Ensure that you have strong passwords on all user accounts, especially admin. Wordfence Premium provides password auditing capability.
– Change your admin username from the default ‘admin’ to something harder to guess.
– Delete any unused accounts, especially admin accounts that you don’t use. This reduces your attack surface.
– Enable two-factor authentication on all admin accounts. Wordfence Premium provides two-factor.
– Enable an IP blacklist to block IPs that are engaged in this attack. Wordfence Premium provides a real-time IP blacklist.
– Monitor login attempts by configuring alerts when an admin signs into your website. Wordfence (free version) provides this.
– Do not reuse a password on multiple services. That way if you have a password from a data breach in this new database, it won’t be the same as your WordPress admin password. You can use a password manager like 1password to manage many passwords across services.
We can help with your technology. Call Paragon today!
If you are interested in working together, send me an inquiry and I will get back to you as soon as I can!
Our friends at Defiant posted this important notice about the largest brute force attack in history happening today. They suggest the following steps if you have a WordPress site:
– Install a firewall like Wordfence that intelligently blocks brute force attacks.
– Ensure that you have strong passwords on all user accounts, especially admin. Wordfence Premium provides password auditing capability.
– Change your admin username from the default ‘admin’ to something harder to guess.
– Delete any unused accounts, especially admin accounts that you don’t use. This reduces your attack surface.
– Enable two-factor authentication on all admin accounts. Wordfence Premium provides two-factor.
– Enable an IP blacklist to block IPs that are engaged in this attack. Wordfence Premium provides a real-time IP blacklist.
– Monitor login attempts by configuring alerts when an admin signs into your website. Wordfence (free version) provides this.
– Do not reuse a password on multiple services. That way if you have a password from a data breach in this new database, it won’t be the same as your WordPress admin password. You can use a password manager like 1password to manage many passwords across services.
Read the entire story here: https://www.wordfence.com/blog/2017/12/aggressive-brute-force-wordpress-attack/?utm_source=list&utm_medium=email&utm_campaign=121817