Are You Neglecting WordPress Security?
Taking security for granted?
Are you taking your WordPress security for granted? Are you an ostrich sticking its head into the ground when danger lurks? Or that you are of the opinion that hacking will only happen to other sites but not yours?
To be frank, no website will be foolproof against any malicious attacks but we could take some measures to thwart the attempts of hackers. We also need to balance users’ accessibility to our website against a tight security regime.
I just came across this article from Wordfence (read more on: http://www.wordfence.com/blog/2014/02/large-distributed-brute-force-attack-underway/) that a large scale brute force attack on WordPress sites is happening, which started on 10th Feb 2014, albeit that it seems to be abating. I have extracted the article here for your easy reference:
Update at 10am EST, Feb 11th: The attack appears to be abating with brief spikes in activity. We’ve upped the amount of attacks you see on the security map on www.wordfence.com to 50% and as you can see traffic is reduced. We’re continuing to monitor this and will email an update if necessary.
As of 11am eastern time this morning we are monitoring the largest distributed brute force attack on WordPress installations that we’ve seen to date. The real-time attack map onwww.wordfence.com became so busy that we’ve had to throttle the amount of traffic we show down to 4% of actual traffic.
Starting at 11am EST this morning we saw a roughly 30 times increase in the volume of brute force attacks across WordPress websites running the WordPress.org software. The attack ramped up so quickly that we initially questioned the data we were seeing and immediately deployed code to verify that the reports we were receiving were accurate and not an attack on our own systems. Within a few seconds it became clear that the attack was in fact real and being reported from across the universe of WordPress websites.
Some definitions if you’re not in the InfoSec field: A brute force attack is when an attacker tries many times to guess your username password combination by repeatedly sending login attempts. A distributed brute force attack is when an attacker uses a large number of machines spread around the internet to do this in order to circumvent any blocking mechanisms you have in place.
Please don’t take your website security for granted as a hacked / broken website will cause you more than monetary / financial losses as it also involves your company’s reputation and your customers’ goodwill and trust! You also run the risk of delisting from Google Search engine.
Please feel free to contact us and it will be our honour and privilege to be your partner in your WordPress Security.
Remember: Better Be Safe Than Sorry （居安思危）