
WPTavern: A Closer Look At Brute Force Attacks Against WP Sites


Perhaps one of the easiest attacks to perform on a WordPress-based website is a brute force attack. Sucuri took the time to create a few different honeypots and monitored wp-login.php to track the various IP addresses as well as the passwords used to break into the site. Their list of passwords attempted is no surprise to me, as I’ve seen the same results over the course of a year via the Limit Logins plugin. It all comes back to the use of a strong password. A strong password would look something like this: RCu7R*0#zm. Unfortunately, many forms don’t accept certain characters in passwords, so at the very least, add numbers to your password if you can only use numbers and letters.

The reason why this is one of the easiest attacks to perform is that, by default, WordPress allows an unlimited number of tries when logging into the backend. I understand that it’s the user’s responsibility to use a strong password, but at the same time, I feel as though the software could help out by only allowing 3 login tries per IP address, very similar to how the Limit Login Attempts plugin works. After 3 failed attempts, the IP address would be locked out for a certain amount of time. The only thing I can figure is that this particular enhancement would cause some site owners more grief than peace of mind. Unlimited login attempts have been a part of WordPress since I started using it in 2007 and I don’t see it changing anytime soon, especially since the Limit Login Attempts plugin exists and solves the problem so well.
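The policy described above (3 failed tries per IP address, then a timed lockout) can be modelled and replayed over a list of login attempts. This is an added example, not code from WordPress or from the Limit Login Attempts plugin; the 20-minute lockout, the class and function names, and the sample events are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MAX_FAILURES = 3            # from the post: 3 login tries per IP address
LOCKOUT_SECONDS = 20 * 60   # assumption: the post only says "a certain amount of time"

@dataclass
class LoginLimiter:
    max_failures: int = MAX_FAILURES
    lockout_seconds: int = LOCKOUT_SECONDS
    failures: dict = field(default_factory=dict)      # ip -> failures since last reset
    locked_until: dict = field(default_factory=dict)  # ip -> time the lockout ends

    def attempt(self, ip, now, password_ok):
        """Return 'locked', 'ok' or 'failed' for one login attempt at time `now`."""
        # The lockout is enforced before the password is looked at, so a
        # correct guess made during the lockout window is still rejected.
        if now < self.locked_until.get(ip, 0):
            return "locked"
        if password_ok:
            self.failures.pop(ip, None)   # a successful login resets the counter
            return "ok"
        count = self.failures.get(ip, 0) + 1
        if count >= self.max_failures:
            self.locked_until[ip] = now + self.lockout_seconds
            self.failures.pop(ip, None)   # counting starts fresh after the lockout
        else:
            self.failures[ip] = count
        return "failed"

# Constructed sample events: (unix time, source IP, whether the password was right).
# One address guesses every 10 seconds; another is a user who mistypes once.
EVENTS = [(t, "203.0.113.7", False) for t in range(0, 100, 10)]
EVENTS += [(5, "198.51.100.4", False), (15, "198.51.100.4", True)]
EVENTS.append((1300, "203.0.113.7", False))   # first try after the lockout expired

def replay(events, limiter=None):
    """Feed events in time order through the limiter and return each outcome."""
    limiter = limiter or LoginLimiter()
    return [(t, ip, limiter.attempt(ip, t, ok)) for t, ip, ok in sorted(events)]

def guesses_checked(results, ip):
    """How many of this IP's attempts actually reached the password check."""
    return sum(1 for _, rip, outcome in results if rip == ip and outcome != "locked")

if __name__ == "__main__":
    results = replay(EVENTS)
    for row in results:
        print(row)
    print("guesses checked for 203.0.113.7:", guesses_checked(results, "203.0.113.7"))
```

The counter is kept per IP address, so guesses spread across many addresses are each counted separately; the lockout complements the strong password the post recommends rather than replacing it.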
