
Security Alert: WordPress Accounts Targeted

April 18, 2013

Over the last few days, FishNet Security's Global Threat Intelligence Center (gTIC) has been monitoring an increase in brute force attacks targeting over 90,000 web sites that use WordPress. These attacks have been associated with botnet activity and focus on the default admin account and common user accounts.

Common security practices are highly recommended: ensuring secure passwords are in place, using multi-factor authentication, applying the latest vendor-released patches and updates, and following WordPress hardening standards.

Additional recommendations provided by FishNet Security's partner Radware include using JavaScript Web Challenges and using an abnormal application behavior appliance that secures web applications. This can block these brute force attacks by detecting multiple unsuccessful login attempts to the WordPress login page originating from the same source in a short time period. The malicious sources can then be suspended or blocked for configurable timeframes.

In the event that a load balancing or proxy solution is in place, a throttling process may also be implemented.
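The detection described above (repeated unsuccessful logins to the WordPress login page from one source in a short period, followed by a timed block) can be sketched over web server access logs. This is an added example, not code from FishNet Security, Radware or US-CERT; the function name, the thresholds, the combined log format and the rule that a failed login is a `POST /wp-login.php` answered with HTTP 200 are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-log-format fields needed: source IP, timestamp, method, path, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_blocks(lines, max_failures=5, window=timedelta(seconds=60),
                block_for=timedelta(minutes=15)):
    """Return [(ip, block_start, block_end)] for sources over the threshold."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failed logins
    blocked_until = {}            # ip -> end of the current block
    blocks = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines
        # Assumption: a failed login is a POST to /wp-login.php answered
        # with 200 (a successful login is answered with a 302 redirect).
        if m["method"] != "POST" or m["status"] != "200":
            continue
        if m["path"].split("?")[0] != "/wp-login.php":
            continue
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if ip in blocked_until and ts < blocked_until[ip]:
            continue  # source is already suspended
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            blocked_until[ip] = ts + block_for
            blocks.append((ip, ts, ts + block_for))
            q.clear()
    return blocks

# Constructed sample log (documentation-range IPs), not real traffic.
def _line(ip, sec, method="POST", status=200):
    return (f'{ip} - - [15/Apr/2013:10:{sec // 60:02d}:{sec % 60:02d} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 3512 "-" "Mozilla/5.0"')

SAMPLE_LOG = (
    [_line("203.0.113.7", s) for s in range(0, 20, 2)]      # 10 failures in 20 s
    + [_line("198.51.100.4", s) for s in (5, 200, 400)]     # slow, under threshold
    + [_line("198.51.100.9", 30, status=302)]               # successful login
)
```

The returned block windows can be fed to whatever enforcement point is in use, such as the load balancer or proxy throttling mentioned above.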

On Monday, US-CERT issued a notice on these attacks. This release may be found at http://www.us-cert.gov/ncas/current-activity/2013/04/15/WordPress-Sites-....

US-CERT also provided more information to assist administrators in maintaining a secure content management system, including:

  • Review the June 21, 2012, vulnerability described in CVE-2012-3791, and follow best practices to determine if their organization is affected and the appropriate response.
  • Refer to the Technical Alert on Content Management Systems Security and Associated Risks for more information on securing a web content management system.
  • Refer to Security Tip Understanding Hidden Threats: Rootkits and Botnets for more information on protecting a system against botnet attacks.
  • Additional security practices and guidance are available in US-CERT’s Technical Information Paper TIP-12-298-01 on Website Security.

Accounts on WordPress servers should be actively reviewed and monitored for unauthorized activity, including access and system and file changes.
