Attack on WordPress

We have recently noted that there is an ongoing and highly distributed global DDoS attack on WordPress installations to crack open admin accounts and inject various malicious scripts. To give you a little history, we recently heard from a major law enforcement agency about a massive attack on US financial institutions originating from our servers. We did a detailed analysis of the attack pattern and found that most of the attack was originating from CMSs (mostly WordPress).

Further analysis revealed that the admin accounts had been compromised (in one form or the other) and malicious scripts were uploaded into the directories. 
 
Today, this attack is happening at a global level and WordPress instances across hosting providers are being targeted. Since the attack is highly distributed in nature (most of the IPs used are spoofed), it is difficult for us to block all malicious data.

To ensure that your websites are secure and safeguarded from this attack, we recommend the following steps: 
  1. Update and upgrade your WordPress installation and all installed plugins.
  2. Install the security plugin listed here.
  3. Ensure that your admin password is secure and preferably randomly generated.
  4. Other ways of hardening a WordPress installation are shared at http://codex.wordpress.org/Hardening_WordPress

These additional steps can be taken to further secure WordPress websites:
  1. Disable the DROP command for the DB_USER. This is almost never needed for any purpose in a WordPress setup.
  2. Remove README and license files (important), since they expose version information.
  3. Move wp-config.php one directory level up, and change its permission to 400.
  4. Prevent world reading of the .htaccess file.
  5. Restrict access to wp-admin to specific IPs only.
  6. A few more plugins: wp-security-scan, wordpress-firewall, ms-user-management, wp-maintenance-mode, ultimate-security-scanner, wordfence, http://wordpress.org/extend/plugins/better-wp-security/.

If possible, you can back up the data, make a fresh installation, and then apply all of the above security measures.
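To check the file-level steps above on an existing site, the following audit function is an added example, not part of the original announcement. The function name `audit_wp`, the file names `readme.html`, `README.txt` and `license.txt`, and the Apache `.htaccess` allow-list syntax it looks for are assumptions.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper): audit the file-level hardening steps.
# Usage: audit_wp /path/to/wordpress
# Prints one line per finding and returns the number of findings (0 = clean).
audit_wp() {
    local root=${1%/} findings=0 cfg f
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # README and license files expose version information.
    for f in readme.html README.txt license.txt; do
        if [ -e "$root/$f" ]; then note "$f present in web root"; fi
    done

    # wp-config.php belongs one level above the web root, with mode 400.
    if [ -e "$root/wp-config.php" ]; then
        note "wp-config.php is still inside the web root"
        cfg=$root/wp-config.php
    else
        cfg=$root/../wp-config.php
    fi
    if [ ! -e "$cfg" ]; then
        note "wp-config.php not found in web root or its parent"
    elif [ -z "$(find "$cfg" -prune -perm 400)" ]; then
        note "wp-config.php permissions are not 400"
    fi

    # .htaccess must not be world-readable (other-read bit set).
    if [ -e "$root/.htaccess" ] &&
       [ -n "$(find "$root/.htaccess" -prune -perm -004)" ]; then
        note ".htaccess is world-readable"
    fi

    # wp-admin should carry an IP allow-list (Apache 2.2 or 2.4 syntax assumed).
    if ! grep -Eiqs \
        '^[[:space:]]*(Require[[:space:]]+ip|Allow[[:space:]]+from)[[:space:]]+[0-9]' \
        "$root/wp-admin/.htaccess"; then
        note "wp-admin has no IP restriction in wp-admin/.htaccess"
    fi

    return "$findings"
}
```

The DROP privilege on the database user is not covered here; it has to be checked on the database server itself.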


Friday, April 12, 2013






