From: MacHighway email@hidden
Date: April 12, 2013, 10:15:26 PM EDT
To: Julie Maxwell email@hidden
Subject: From MacHighway: Important – Global attack on WordPress Sites
Reply-To: MacHighway email@hidden
Julie Maxwell (GRW),
If you are using WordPress on your web site you need to read this:
We’ve received reports about a distributed attack against WordPress installations across the world.
We’ve created a detailed blog post that talks about this issue and the steps you need to take to secure any WordPress powered websites from this attack.
We encourage you take the steps mentioned in the blog post and spread this information regardless of whether you’re hosting with us or not and help your customers prepare against this attack.
Thanks,
Chris Graves
President and Founder, MacHighway.com
Thanks for this Julie. I run a number of sites that use WordPress (http://www.freewaystyle.com being one of them) and spent a good few hours yesterday trying to log into these sites after I thought they had been hacked. It turns out that the host had ‘secured’ the server and prevented access to the WordPress logins without telling anyone. Needless to say that the sites weren’t going to get hacked as no one (not even the site owner) could log in!
I generally do like WordPress but it is a very big target for hackers and spammers alike and requires a lot of upkeep making sure that you haven’t left anything exposed that could let someone exploit the server.
Regards,
Tim.
With over 64 million WP sites world-wide, I’m sure there are many attacks
every day. Just not on mine. Most of these attacks are brute force, and
plugins exist to limit login attempts - although my own experience is they
also limit legitimate users.
Wordpress attacks have been ramping up over months, so it’s about
awareness, not panic imo.
As recent as last year, 97% of attacks on all sites are still SQL Injection
attacks - which means form submissions and the like. So regardless of CMS,
forms are still most exploitable.
It seems like a good opportunity for other CMS to capitalize on this latest well-publicised attack and grab some dissatisfied, unhappy and/or scared WP users.
Todd
Wordpress attacks have been ramping up over months, so it’s about awareness, not panic imo.