Security Alert for WordPress-based Websites - Recently there was a worldwide and highly-distributed brute-force attack against WordPress-based websites. This attack was known for using spoofed IP addresses and guessing most commonly-used passwords. During the attack we actively blocked the most common attacking IP addresses across our servers. Unfortunately during the last wave of this attack several website were compromised.
Here are some steps you can take to prevent similar attacks:
1. STRONG PASSWORD
Use a strong password! A strong password is necessary to protect your website. Please read suggestions for good passwords on this page [ http://codex.wordpress.org/Brute_Force_Attacks#Good_Passwords ].
2. DON'T USE THE 'admin' USERNAME
If you are still using this username please change it as soon as possible.
3. INSTALL THE FOLLOWING PLUGIN
This plugin is used to limit the number of login attempts made on your site, or block people from accessing wp-admin [ http://wordpress.org/plugins/limit-login-attempts/ ].
4. PROTECT THE wp-login.php FILE
There are two (2) steps for accomplishing this. First you need to define a password in the .wpadmin file, and then you activate the security in the .htaccess file. Please download this file for detailed instructions [ http://www.skgoldhosting.com/web-hosting-clients/dl.php?type=d&id=7 ].
5. ACTIVATE CloudFlare IN YOUR cPanel
It will give you an additional and good layer of security. CloudFlare is located in the Software/Services section in your cPanel and takes only a couple of minutes to activate.
6. KEEP YOUR WORDPRESS INSTALLATION UPDATED
Always keep your WordPress installation and related plugins updated to the latest and secure versions.
All the best,
Monday, June 24, 2013