Worldwide Brute-Force Attack on WordPress Sites

Published by Baden Maxwell on April 21st, 2013 - in Wordpress Security

On April 11th, there was a worldwide, highly distributed attack on WordPress, leaving scores of WordPress-powered websites vulnerable and under threat from a massive brute-force botnet.
Thousands of sites using the WordPress system have been targeted in an extremely well-organized attempt to obtain admin entry by using brute-force methods (continual multiple login and password cracking attempts).

The sites that are the easiest targets and most at risk – and the ones that are consistently being compromised – are sites using the default username “admin”, sites that DO NOT have even basic security measures in place, and any sites that are unmaintained or running out-of-date extensions and plugins. The lack of basic security precautions, and inconsistent or nonexistent maintenance and updating is a major concern, and any business using the WordPress application needs to seriously evaluate its website security practices if they aren’t implementing effective measures.

Analysts are also warning that this may only be the beginning, as announcements from the group claiming responsibility for these botnet attacks warn that they are continuing to evolve and broaden the botnet’s targeting focus.

Major tech and online security companies fear that the attackers are, at this moment, working on building an even bigger botnet, one that is far more powerful than anything ever seen before.

To date, it has been reported that over 90,000 compromised IP addresses are being used to launch these attacks, with thousands upon thousands of passwords being used by these IPs to hack into their targets.

For now, the botnet is limited to only using home PCs to spread its infection. However, reports from major hosting companies have confirmed that the attackers are targeting WordPress installations on nearly every web-host in existence, and are now attempting to use the powerful hosting servers to launch a much stronger botnet. Matthew Prince, CEO of CloudFlare, wrote:

“These larger machines can cause much more damage in DDoS attacks because the servers have large network connections and are capable of generating significant amounts of traffic.”

Prince referenced the “itsoknoproblembro”, or “Brobot”, botnet that started launching DDoS (distributed-denial-of-service) attacks in September 2012 against many major US banks, including Bank of America, U.S. Bank, Wells Fargo and more.

HostGator has confirmed that they are a major target, with over 90,000 IP addresses targeting their WordPress machines, and many other major global hosting companies are experiencing similar targeted attacks. Read HostGator’s Sean Valant’s blog post about this brute-force flood.

As expected, the global hosting industry is working with their clients to launch counter-strike and anti-strike measures to combat this threat. But until the true extent of this threat is known, many WordPress users will find themselves extremely vulnerable in the interim.

So, what can you as a WordPress user do to ensure your safety and security?

As we said earlier, it seems the botnet is targeting sites using the “admin” username – for now! So the absolute bare minimum you need to do IMMEDIATELY is change your password if you’re using that username. Even if your username isn’t “admin”, it’s still highly recommended that you change your password as well.

We recommend using a password that contains AT LEAST 8 characters, with a broad mixture of letters (upper & lower case), numbers and special characters (#@&*^). Your aim is to make your password extremely difficult to crack using known dictionary words or letter/number combinations.

Once you have established a high-level secure password, it’s essential that you change your login username ASAP. For an in-depth tutorial on how to perform this task properly, CLICK HERE. If you have a webmaster that performs all your backend admin tasks, you’ll need to contact them ASAP to get this done immediately.

You should also consider installing a login attempt limiter plugin on your site. We use Limit Login Attempts on all of our sites and give it high recommendations.
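A login limiter that counts attempts per address only sees part of a highly distributed attack like this one, so it is worth watching the site-wide failure rate as well. The sketch below is an added example, not code from this post or from any plugin: it scans access-log lines for failed `wp-login.php` POSTs and reports both views. The log lines are constructed, and the function names, thresholds and the "200 means failed login" rule are assumptions.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

def _line(ip, hms, method, status):
    # Build one constructed access-log line in "combined" format (not real traffic).
    return (f'{ip} - - [11/Apr/2013:{hms} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 1024 "-" "-"')

SAMPLE_LOG = "\n".join(
    # Eight different addresses, one failed login each: the distributed pattern.
    [_line(f"203.0.113.{10 + i}", f"10:00:{i + 1:02d}", "POST", 200) for i in range(8)]
    # One address hammering the form on its own.
    + [_line("198.51.100.7", f"10:05:{i:02d}", "POST", 200) for i in range(5)]
    # A normal login: form fetched, then a POST answered with a redirect.
    + [_line("192.0.2.50", "10:10:00", "GET", 200),
       _line("192.0.2.50", "10:10:05", "POST", 302)]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def failed_logins(text):
    """Return sorted (time, ip) pairs for POSTs to wp-login.php answered with 200.

    Assumption: stock WordPress re-renders the form (200) on a failed login
    and redirects (302) on success; plugins or themes can change this.
    """
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(3) == "POST" and m.group(5) == "200" \
                and m.group(4).split("?")[0].endswith("/wp-login.php"):
            hits.append((datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"), m.group(1)))
    return sorted(hits)

def analyse(text, per_ip_limit=3, window=timedelta(minutes=1)):
    """Return (addresses over the per-IP limit, peak failures and distinct IPs in one window)."""
    hits = failed_logins(text)
    per_ip = Counter(ip for _, ip in hits)  # whole-log count per address
    noisy = sorted(ip for ip, n in per_ip.items() if n > per_ip_limit)
    recent, peak, peak_ips = deque(), 0, 0
    for ts, ip in hits:
        recent.append((ts, ip))
        while ts - recent[0][0] > window:  # drop failures older than the window
            recent.popleft()
        if len(recent) > peak:
            peak, peak_ips = len(recent), len({i for _, i in recent})
    return noisy, peak, peak_ips

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

On the sample, the per-address check flags only the single noisy address, while the one-minute window shows eight failures from eight different addresses that no per-address limit would have blocked.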

As another security precaution, we also recommend you follow HostGator’s procedure for WordPress login protection (you don’t need to be a HostGator customer; as long as you have cPanel access on your hosting account, you’ll be able to follow the steps). CLICK HERE to follow their step-by-step procedure.

For more information on the vulnerabilities of WordPress-powered websites, check out our informative article HERE.

You can also get in touch with us and we’ll be more than happy to help you secure your site, or guide you in the right direction to get your online presence protected. VIEW OUR WP SECURITY SERVICE.

We hope that your website and online presence are secure, and that if they aren’t, you’re not affected by this heinous botnet attack. If you do plan on using WordPress again in the future, ALWAYS remember to change your username from the default “admin”, and choose a password that is extremely difficult to crack.

All the best




Grow YOUR Business With Mobile Marketing

Published by Baden Maxwell on April 17th, 2013 - in Mobile Marketing

Recent mobile marketing stats show that mobile internet usage is skyrocketing, and experts predict this trend to continue well beyond 2014 when mobile internet use is expected to exceed desktop usage.

As a business owner, AND mobile device user, I’m sure you don’t need any stats to recognize that the move towards mobile internet connectivity is changing the way companies do business. Not only is it becoming cheaper to promote and market – especially online – but by utilising mobile, the likelihood of marketing messages reaching our target markets is becoming incredibly quick – even INSTANT.

Our infographic quickly illustrates the effectiveness of mobile marketing, and shows you some great benefits to having a mobile online presence.

To learn how you can benefit from mobile marketing, go ahead and give us a call and CONTACT US TODAY for a FREE, No Obligation consultation.

Mobile Marketing Infographic


Mobile Websites – Why It’s ESSENTIAL To Be Mobile Friendly

Published by Baden Maxwell on April 1st, 2013 - in Mobile Site Design

The world has gone mobile! And there’s NO going back now!

Over the last couple of years, we’ve been experiencing an incredible EXPLOSION in the number of mobile phones and other devices that are capable of connecting to the Internet, and it has completely changed the way people search for information when choosing business services and products in their local area.

Recent studies have shown that there are over 5 billion mobile phones in use worldwide, and more than 1 billion of those are Internet-enabled. Most mobile phone producers don’t even bother making phones that aren’t capable of Internet connectivity anymore.

It has never been more important for businesses to have an online presence than it is now. And not just any online presence, but one that is “mobile-friendly” and designed first and foremost with mobile device users in mind!

Having a website that is optimised for mobile-visitor viewing has become such an essential part of 21st century marketing, that if you’re NOT keeping up with the change to mobile-search behaviour, you’re going to be missing out on a HUGE amount of business. So, if your website is NOT up-to-date enough to be compatible with mobile, you’re most likely frustrating your mobile visitors with a poor viewing experience and losing them to a business that has a mobile-optimised website that’s easy to view and navigate on a phone or tablet.

If you’re currently in this situation, you are in luck! We’ve written a short report detailing the mobile search market and how you can generate more business by capitalising on this essential marketing sector. In our report you’ll discover:


  • Why it’s ESSENTIAL for you to have a mobile website in today’s business climate
  • How to capitalise on the HUGE mobile search market
  • The IMMEDIATE benefits to your business from capturing the attention of mobile visitors
  • 7 CRUCIAL aspects of mobile website design to maximise the business your site generates
  • And much more!

We highly recommend you grab your FREE copy today and learn how you can capture your share of business from mobile-internet searchers. Hopefully we can shed some light on the mobile marketing arena so you can increase your profits through this incredibly powerful marketing medium.

Download your FREE copy here: Mobile Website Design Report



© iWEB Marketing NZ
All Rights Reserved 2013.