As of 11am eastern time this morning we are monitoring the largest distributed brute force attack on WordPress installations that we've seen to date. The real-time attack map on www.wordfence.com became so busy that we've had to throttle the amount of traffic we show down to 4% of actual traffic.
A brute force attack is when an attacker tries many times to guess your username and password combination by repeatedly sending login attempts. A distributed brute force attack is when an attacker uses a large number of machines spread around the internet to do this in order to circumvent any blocking mechanisms you have in place.
If you're using the free or paid version of Wordfence you should have the option to "Participate in the real-time Wordfence security network" under 'Other options' enabled. This will immediately block any attack originating from an IP address that has attacked other WordPress sites using Wordfence. This is an effective defense against this kind of attack.
We recommend that, until this passes, you monitor your WordPress websites closely for unusual activity, including logins, account creation or changes to the public-facing website.
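The monitoring recommended above can be done on a site's own access log. The following is an added example, not part of the original post or of Wordfence: it shows why a per-IP limit misses a distributed attack while a site-wide count of login POSTs catches it. The log format (combined), the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Combined log format: ip - - [timestamp] "METHOD path ..." status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def login_attempts(lines):
    """Yield (timestamp, ip) for every POST to wp-login.php."""
    for line in lines:
        m = LINE_RE.match(line)
        if m and m.group(3) == "POST" and m.group(4).split("?")[0].endswith("/wp-login.php"):
            yield datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"), m.group(1)

def detect(lines, window=timedelta(minutes=5), per_ip_limit=5, site_limit=20):
    """Flag noisy single IPs and low-and-slow distributed guessing.

    Thresholds are illustrative assumptions; tune them to normal login volume.
    """
    attempts = sorted(login_attempts(lines))
    noisy_ips, distributed, start = set(), False, 0
    for end, (ts, _) in enumerate(attempts):
        # Slide the window start forward so it covers only the last `window`.
        while attempts[start][0] < ts - window:
            start += 1
        per_ip = Counter(ip for _, ip in attempts[start:end + 1])
        noisy_ips.update(ip for ip, n in per_ip.items() if n > per_ip_limit)
        total = sum(per_ip.values())
        # Many attempts spread over many sources: each IP stays under its limit.
        if total > site_limit and len(per_ip) > site_limit // 2:
            distributed = True
    return {"noisy_ips": noisy_ips, "distributed": distributed}

def sample_log():
    """Constructed sample: 30 documentation-range IPs, 2 login POSTs each."""
    base = datetime(2024, 1, 1, 11, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts:%d/%b/%Y:%H:%M:%S %z}] "{req} HTTP/1.1" 200 3120'
    lines = [fmt.format(ip=f"203.0.113.{i % 30 + 1}",
                        ts=base + timedelta(seconds=4 * i),
                        req="POST /wp-login.php") for i in range(60)]
    lines.append(fmt.format(ip="198.51.100.7", ts=base, req="GET /"))
    return lines

if __name__ == "__main__":
    print(detect(sample_log()))
```

On the constructed sample no single address exceeds the per-IP limit, yet the site-wide check reports a distributed attack.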
People want to get into your WordPress installation and will probably put affiliate links in your articles or do something else stupid.
On the other hand, we should also remember that Wordfence works on protecting WordPress installations, so they have an interest in spreading a little fear among their customers so that they stay with the product. Either way, it is ALWAYS a good idea to have a good, long password, preferably with lowercase letters, uppercase letters, numbers and symbols, both on your blog and everywhere else.
Then one can consider naming one's wp-admin.php something else so that various dumb bots don't find it.
And something as smart as blocking wp-admin/ or wp-login.php via HTTP authentication - most bots can't figure out this extra layer of security, so they just die with a 403 (Forbidden) from the server, which spares both your site and your host a lot of unnecessary traffic.