WordPress Global Brute Force Wp-Admin

Posted: March 21, 2015 in Information security


This week I was searching for information on security in information technology and found a website where the writer discusses the latest WordPress global brute-force wp-admin attack. WordPress has become a hot favorite these days and many websites are powered by it, and it is believed that this is why many WordPress websites are under attack.

There are a few steps we can take to improve the security of our blog or website:

1. If your password isn't long and complex enough, change it to a more complex combination. Adding some special characters such as @#*$&%^! is a good idea.

2. Remove the DROP, ALTER or UPDATE privileges from your MySQL user.

3. Install a WordPress plugin to tighten your WP engine, such as WP Security Scan, WP Firewall 2, TimThumb Vulnerability Scanner, Exploit Scanner, or SI Captcha. One example: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

Another way to mitigate the WordPress global brute-force wp-admin attack is .htaccess password protection:

1. Generate the password file here: http://www.htaccesstools.com/htpasswd-generator/ and save it in your WordPress folder as .wpadmin.

2. Insert this code in your .htaccess file.

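# Short text bodies returned for failed or refused authentication
ErrorDocument 401 "Unauthorized Access"
ErrorDocument 403 "Forbidden"
# Require HTTP Basic authentication before the WordPress login page is served
<FilesMatch "wp-login.php">
    AuthName "Authorized Only"
    AuthType Basic
    # Path to the password file generated in step 1
    AuthUserFile /home/username/.wpadmin
    require valid-user
</FilesMatch>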

Change /home/username/.wpadmin to match your folder structure.
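
A check for the rule above, as an added example that is not part of the original post: it reads Apache access-log lines and reports how many wp-login.php requests the Basic Auth layer rejected with 401 per client, and whether any request reached wp-login.php without credentials. The log lines are constructed samples, and the function name and the threshold are assumptions.

```python
import re
from collections import Counter

# Apache common/combined log line: client IP, auth user, method, path, status.
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges), not from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [21/Mar/2015:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 401 381
203.0.113.7 - - [21/Mar/2015:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 401 381
203.0.113.7 - - [21/Mar/2015:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 401 381
203.0.113.7 - - [21/Mar/2015:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 401 381
203.0.113.7 - - [21/Mar/2015:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 5120
198.51.100.20 - - [21/Mar/2015:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 401 381
198.51.100.20 - admin [21/Mar/2015:10:05:09 +0000] "GET /wp-login.php HTTP/1.1" 200 2541
198.51.100.20 - admin [21/Mar/2015:10:05:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.55 - - [21/Mar/2015:10:07:00 +0000] "POST /blog/wp-login.php HTTP/1.1" 200 2541
"""

def summarize_login_attempts(log_text, threshold=3):
    """Classify every wp-login.php request found in an Apache access log."""
    blocked = Counter()        # 401: stopped by the .htaccess Basic Auth layer
    authenticated = Counter()  # passed Basic Auth, keyed by the logged user name
    unprotected = []           # served with no Basic Auth user: rule not applied here
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, user, _method, path, status = m.groups()
        # Compare only the file name, ignoring any query string and directory.
        if path.split("?", 1)[0].rsplit("/", 1)[-1] != "wp-login.php":
            continue
        if status == "401":
            blocked[ip] += 1
        elif user == "-":
            unprotected.append((ip, path))
        else:
            authenticated[user] += 1
    # Clients with many rejected attempts are likely brute-force sources.
    noisy = sorted(ip for ip, n in blocked.items() if n >= threshold)
    return {"blocked": dict(blocked), "authenticated": dict(authenticated),
            "unprotected": unprotected, "noisy": noisy}

if __name__ == "__main__":
    for key, value in summarize_login_attempts(SAMPLE_LOG).items():
        print(key, value)
```

An entry under "unprotected" means a wp-login.php file was served without the password prompt, so the .htaccess rule does not cover that path.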

 

 

 
