March 8th Update: How to protect yourself against the current spate of attacks

Please note we’re currently seeing some very large brute force attacks. A brute force attack is a password guessing attack where one or many robots will access your site and try to guess your password.

To reduce the risk of your site being caught up in the current wave of attacks we recommend ensuring that all your WordPress admin accounts are using strong passwords, that you have Wordfence installed and the number of login failures set to 20 or less on the Wordfence options page.

You should have “Count login failures over what time period” set to 5 minutes and “Amount of time a user is locked out” set to 1 hour. An hour may not seem like much, but it will effectively defeat a password guessing attack.

We also recommend you enable “Participate in the Real-Time WordPress Security Network” because this will immediately lock out any attacks from the Botnet that is responsible for the current attack.

If you are NOT running Wordfence (we love our product but understand not everyone uses Wordfence) please ensure that your ‘admin’ account has been renamed to something other than ‘admin’ and you are using strong passwords. Also monitor your WordPress website for any suspicious activity.

Keep a close eye on your website logs.

Our systems (and our humans) post regularly to Twitter and Facebook with information on attack frequency and status updates. If you would like to receive these updates you can “Like” us on Facebook and they will appear in your feed:
https://facebook.com/wordfence

Or you can follow us on Twitter at https://twitter.com/wordfence

We also have a very popular WordPress security mailing list where we send out urgent security updates and product news about Wordfence that you can join on this page: https://www.wordfence.com/subscribe-to-the-wordfence-email-list/

Regards,

Mark Maunder
Wordfence Founder and Feedjit Inc. CEO.

https://www.ads-software.com/plugins/wordfence/