WordPress sites under huge Botnet attack

It looks like WordPress is currently under a significant attack, with tens of thousands of unique IP addresses attempting to hack users’ accounts.

CloudFlare, the web performance and security startup, has had to block 60 million requests against its WordPress customers in just one hour, and looking at the Sucuri report on SUBSET’s dashboard, it’s been busy blocking access attempts over the past few days.

The requests are carried out against administrative accounts from a botnet supported by more than 90,000 separate IP addresses attempting to gain access using the username ‘admin’ and trying thousands of passwords.

The official CloudFlare blog post reports, “These larger machines can cause much more damage in DDoS attacks because the servers have large network connections and are capable of generating significant amounts of traffic.”

There are a variety of ways in which you can help prevent an attack on your WP site, such as ensuring your password includes upper and lowercase letters, is at least eight characters long, and includes ‘special’ characters (^%$#&@*).

It’s also best practice to change your username from “admin”. If you’re running your blog from WP.com, turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress.
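Because the attack described above spreads its guesses across many addresses, a per-address limit alone can miss it. The following added example (not from the original post) counts POSTs to WordPress’s login endpoint per minute, both per address and across distinct addresses; the combined log format, both thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches POSTs to WordPress's login endpoint in combined log format.
LOGIN_POST = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST /wp-login\.php[ ?]')

def login_posts(lines):
    """Yield (ip, minute) for every login POST found in the log lines."""
    for line in lines:
        m = LOGIN_POST.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield m.group(1), ts.replace(second=0)

def analyse(lines, per_ip_limit=5, distinct_ip_limit=20):
    """Return (noisy_ips, distributed_minutes); both limits are assumed values."""
    per_ip = defaultdict(int)      # (ip, minute) -> attempts
    sources = defaultdict(set)     # minute -> distinct source addresses
    for ip, minute in login_posts(lines):
        per_ip[(ip, minute)] += 1
        sources[minute].add(ip)
    noisy = sorted({ip for (ip, _), n in per_ip.items() if n > per_ip_limit})
    distributed = sorted(m for m, ips in sources.items() if len(ips) >= distinct_ip_limit)
    return noisy, distributed

def sample_log():
    """Constructed sample data (documentation address ranges, made-up date)."""
    fmt = '{ip} - - [01/Jan/2024:10:{mm}:{ss:02d} +0000] "{req} HTTP/1.1" 200 2891 "-" "-"'
    post = "POST /wp-login.php"
    # 40 addresses, two guesses each, inside one minute: the botnet pattern.
    lines = [fmt.format(ip=f"203.0.113.{i}", mm="15", ss=i, req=post)
             for i in range(1, 41) for _ in range(2)]
    # One address hammering on its own: the pattern a per-IP limit does catch.
    lines += [fmt.format(ip="198.51.100.7", mm="20", ss=s, req=post) for s in range(8)]
    # An ordinary visitor loading the login form is ignored (GET, not POST).
    lines.append(fmt.format(ip="192.0.2.10", mm="15", ss=30, req="GET /wp-login.php"))
    return lines

if __name__ == "__main__":
    noisy, distributed = analyse(sample_log())
    print("addresses over the per-IP limit:", noisy)
    for minute in distributed:
        print("distributed guessing during", minute.isoformat())
```

On the sample data, none of the 40 botnet addresses exceeds the per-address limit, yet the minute they share is flagged by the distinct-address count.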

CloudFlare have created a free plan, which is available to all users (free and paid), that offers automatic protection. Needless to say, I’ve just this moment finished signing GN up to it.

Be careful out there.

