So, you got hit by the WordPress attack yesterday. I did, you did. We all did.
Freaked out yet? It was a huge botnet trying to crack your password.
For anyone who doesn't know, a botnet is a large number (usually over 100,000) of computers, all infected by some form of attack, that can be remote controlled. The botnet yesterday was around 100,000.
Things you can do to protect yourself against it:
First off:
Get the Wordfence plugin. Absolutely critical. It runs daily integrity checks to look for changes.
Second off:
Get a host that actively manages attacks.
I personally use InMotion Hosting.
You can find it here
You can get InMotion Hosting pretty cheap if you use the coupon code 24DOLLARSOFF.
They're *extremely* fast, faster than any other shared host I've found.
Using InMotion Hosting will make you immune to this type of attack. They will actively shut down a page that's currently under attack for 15 minutes, after which it's rechecked for the attack. The page is useless anyway if it's being slammed, so this does nothing but help.
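A sketch of the per-page shutdown described above, added here as an example (it is not the host's or the author's code): login requests to a page are counted across all clients together, the page is locked for 15 minutes once a threshold is passed, and it is rechecked afterwards. The 60-second window, the threshold of 5, the `/wp-login.php` path and the sample log are assumptions constructed for illustration.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)    # assumed counting window
THRESHOLD = 5                     # assumed max login POSTs per page per window
LOCKOUT = timedelta(minutes=15)   # the 15-minute shutdown described above
LOGIN_PATH = "/wp-login.php"      # WordPress login page

def build_sample_log():
    """Constructed sample: every request comes from a different address."""
    t0 = datetime(2000, 1, 1, 12, 0, 0)
    log = [(t0 + timedelta(seconds=i), f"198.51.100.{i + 1}", "POST", LOGIN_PATH)
           for i in range(20)]
    log.append((t0 + timedelta(minutes=10), "203.0.113.7", "POST", LOGIN_PATH))
    log.append((t0 + timedelta(minutes=16), "203.0.113.8", "POST", LOGIN_PATH))
    return log

def max_requests_per_ip(log):
    """Highest request count seen from any single address."""
    return max(Counter(ip for _, ip, _, _ in log).values())

class PageGuard:
    """Per-page throttle: counts requests from all clients together."""
    def __init__(self):
        self.recent = {}         # path -> deque of recent request times
        self.locked_until = {}   # path -> time the lockout ends

    def handle(self, ts, path):
        until = self.locked_until.get(path)
        if until and ts < until:
            return "blocked"                 # page is still shut down
        hits = self.recent.setdefault(path, deque())
        if until:                            # lockout expired: recheck from zero
            hits.clear()
            del self.locked_until[path]
        hits.append(ts)
        while ts - hits[0] > WINDOW:         # drop requests outside the window
            hits.popleft()
        if len(hits) > THRESHOLD:
            self.locked_until[path] = ts + LOCKOUT
            return "blocked"
        return "served"

def replay(log):
    """Feed the login POSTs from the log through the guard, in order."""
    guard = PageGuard()
    return [guard.handle(ts, path) for ts, _, method, path in log
            if method == "POST" and path == LOGIN_PATH]

if __name__ == "__main__":
    sample = build_sample_log()
    print("max requests from one IP:", max_requests_per_ip(sample))
    print(Counter(replay(sample)))
```

No single address in the sample sends more than one request, so a per-IP limit never triggers; only the per-page count catches the burst.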
Third off:
Get OSE Firewall:
You primarily want this for directory traversal checks.
Combined with Wordfence and a good host whose Apache uses mod_security, like InMotion Hosting (see above), you'll be fine. Some other alternatives are Bluehost or DreamHost.
Don't use a second-rate host; you'll regret it.
If that's not enough for you, you can use *part* of Better WP Security. This is complicated to set up with the other services in place, so I am not going to cover it today.
Fourth: Do not use admin as an account name.
Fifth: Consider using Cloudflare. It's a great security tool, and it can make slow sites faster. Its downside is that it makes already fast sites slower.
Doing these will make you not only resistant, but completely immune to these types of attacks.
I'd love to hear some comments below.