I have a number of WP sites all with hardened security. Google Analytics doesn't show unusual traffic. Is this attack still ongoing?
-
I believe so. It's a botnet that's crawling all over the web looking for WordPress sites, so if it hasn't visited yet that doesn't mean it won't eventually. At the moment though all it does is try to brute-force the password for the account named "admin", so if your administrator account has a different name it won't get anywhere. Good passwords will keep it out, but the problem is if it thinks there's an account called "admin" (from the message it gets when it's rejected, I assume) it'll keep trying for ages, amounting to a massive DDOS against the site.Originally posted by Cliphead View PostComment
-
I have WP and have ditched the admin account. I also attribute the posts to another user account which has minimum capabilities.
That seems to have kept my site safe so far.McCoy: "Medical men are trained in logic."
Spock: "Trained? Judging from you, I would have guessed it was trial and error."Comment
-
I noticed a massive spike on my site around 3 weeks back. Suspect it was this bot. In my case there was a spike of about 400 visits in one day. The usual number is about 150.Originally posted by NickFitz View PostMcCoy: "Medical men are trained in logic."
Spock: "Trained? Judging from you, I would have guessed it was trial and error."Comment
Comment