Comments on: Brute Force Attack Hitting WordPress http://wpblogger.com/wordpress-brute-force-attack.php All things WordPress Tue, 07 Sep 2010 14:53:57 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: Sebastian http://wpblogger.com/wordpress-brute-force-attack.php#comment-1307 Sebastian Mon, 30 Nov 2009 23:15:55 +0000 http://wpblogger.com/?p=375#comment-1307 Ben, you can use LIMIT (requiring a valid usr:pw for access to wp-admin) from any place. In addition, you can make use of a somewhat unique and not that guessable GET variable to restrict access to the wp-admin directory. Or, just use a proxy ... there are so many solutions. Ben, you can use LIMIT (requiring a valid usr:pw for access to wp-admin) from any place. In addition, you can make use of a somewhat unique and not that guessable GET variable to restrict access to the wp-admin directory. Or, just use a proxy … there are so many solutions.

]]> By: Ryan Beale http://wpblogger.com/wordpress-brute-force-attack.php#comment-1306 Ryan Beale Mon, 30 Nov 2009 23:07:22 +0000 http://wpblogger.com/?p=375#comment-1306 Cool. Thanks again! Cool. Thanks again!

]]> By: Ben Cook http://wpblogger.com/wordpress-brute-force-attack.php#comment-1305 Ben Cook Mon, 30 Nov 2009 23:03:06 +0000 http://wpblogger.com/?p=375#comment-1305 Ryan, from what I've read that should safeguard you from this specific threat. I'm not sure how widespread it is just yet but when a script is released into the wild like that, there tend to be plenty of people willing to give it a try. Ryan, from what I’ve read that should safeguard you from this specific threat. I’m not sure how widespread it is just yet but when a script is released into the wild like that, there tend to be plenty of people willing to give it a try.

]]> By: Ryan Beale http://wpblogger.com/wordpress-brute-force-attack.php#comment-1304 Ryan Beale Mon, 30 Nov 2009 22:32:23 +0000 http://wpblogger.com/?p=375#comment-1304 Thanks for the heads-up. I use the Login Lockdown plugin and changed the admin user name to a new one. Hopefully, that will be enough to fend off the attack Thanks for the heads-up. I use the Login Lockdown plugin and changed the admin user name to a new one. Hopefully, that will be enough to fend off the attack

]]> By: Ben Cook http://wpblogger.com/wordpress-brute-force-attack.php#comment-1303 Ben Cook Mon, 30 Nov 2009 22:12:32 +0000 http://wpblogger.com/?p=375#comment-1303 Sebastian, yeah, that would be a very good solution for bloggers who do most of their blogging from one place. Unfortunately, I log in to work on my sites from all sorts of places including plenty of networks via my iphone so that solution wouldn't work well for me. Sebastian, yeah, that would be a very good solution for bloggers who do most of their blogging from one place.

Unfortunately, I log in to work on my sites from all sorts of places including plenty of networks via my iphone so that solution wouldn’t work well for me.

]]> By: Sebastian http://wpblogger.com/wordpress-brute-force-attack.php#comment-1301 Sebastian Mon, 30 Nov 2009 21:35:19 +0000 http://wpblogger.com/?p=375#comment-1301 Also: .htaccess and .htpasswd are your friends. Order Deny,Allow Deny from all Allow from your_ip_addy .htaccess in wp-admin: AuthUserFile /out_of_reach_for_web_server/.htpasswd AuthGroupFile /dev/null AuthName "GFY" AuthType Basic require valid-user http://httpd.apache.org/docs/1.3/programs/htpasswd.html Also: .htaccess and .htpasswd are your friends.

Order Deny,Allow
Deny from all
Allow from your_ip_addy

.htaccess in wp-admin:

AuthUserFile /out_of_reach_for_web_server/.htpasswd
AuthGroupFile /dev/null
AuthName “GFY”
AuthType Basic

require valid-user

http://httpd.apache.org/docs/1.3/programs/htpasswd.html

]]>