Hi I received a notice of :
“A large distributed brute force attack against WordPress websites is understood to be occurring recently across the internet. A large botnet with thousands of attacking servers is attempting to log in by cycling through different usernames and passwords to get into the WordPress Admin dashboard. This is a global attack which is affecting thousands of servers globally”
Among the precautions on passwords, and Ips and server protection on the server end is the installation of the two following plugins:
Are these safe to install on the standard CBox theme? Is anyone running them? We would like to do this sooner rather than later. Thanks.
Limit Login Attempts appears to be too old and not effective:
Some people in that thread recommend this instead:
Thanks @Ray, so I will go ahead with this one.
Should we add http://wordpress.org/extend/plugins/better-wp-security/also? It seems this second one was updated a few days ago, and takes care of modifying some WP routes that hackers/spammers may take, making it more difficult also. what caught my attention also was the renaming of admin accounts which seem to be the target…
I’ve got Better-WP-Security working side by side with WordFence on a BuddyPress (but non-CBox) site without any apparent issues. I’d say that WordFence functions more like a firewall, while Better-WP-Security is more directed to locking down vulnerabilities on your site (admin accounts etc.). Both have value and if you can get them going without breaking anything else, I don’t see a downside!
Thanks @brock-n WordFence indeed seems quite powerful.
Would WordFence + Better wp security work together with Wanguard? I suppose they are three different things, Wangguard working on the origin of the threat…
I’ve been using WangGuard without any apparent conflicts with the other two packages, but on a non – CBOX site (just buddy press). Give it a try! 🙂
Just to let you kow, after installing better-wp-security and changing my username from admin to something else, that I lost all my friendships, access to my personal activity (though still appearing in general activity) and access to groups (which was not much of a problem as I could join the public ones and self promote myself to admin. For hidden ones I had to ask someone to reinvite me in.
You must be logged in to reply to this topic.