Last week an Italian security researcher discovered a large botnet that is targeting WordPress websites with a password-guessing attack. It is being called the Aethra Botnet because it is powered by a router/modem, made by Aethra Telecommunications, that suffers from several vulnerabilities.
Some internet providers were quick to patch their vulnerable devices once the issues were disclosed, but others have been much slower to respond and have not patched theirs, and the botnet continues to attack WordPress and other targets.
For background on how the brute force attacks were discovered, head over to Voidsec and read more about it.
But the bottom line is this: if you haven’t put good security measures in place on your WordPress website yet, you really need to start doing so. Otherwise you will find yourself a victim of such an attack, and it won’t be pretty when your website goes down!
If you are one of our clients on a Monthly WordPress Care Plan, you are already protected! We have secured your site for you.
If you don’t have a monthly website care plan with us, you may want to consider getting one. The peace of mind it can give you, knowing that if anything were to happen to your site it could quickly be recovered, is priceless.
With this plan we install professional-grade security in the backend of your site and configure it to stop these types of attacks. We also keep your WordPress core software, plugins and themes up to date, and we take regular backups of your website and store them off-site, so recovery from a disaster can be done quickly.
While nothing is going to protect you 100%, the methods we use offer you the best chance of beating these types of attacks.
Alternatively, you can install and maintain your own security in the backend of your WordPress site. But remember, you must be vigilant about doing all of your software updates on a regular basis to keep things locked down. Simply installing a security plugin and forgetting to maintain the other things isn’t going to be of much help.
And don’t forget your security best practices, such as changing the default login from “admin” to another name and using a strong password that contains random letters, numbers and symbols, to make it difficult for these types of bots to crack.