Are you using WordPress for your MSP Marketing website?
Stuart R. Crawford / Stuart Crawford
Important Security Update: Global Brute Force WordPress Attack
WordPress remains one of the most secure managed services website solutions (if secured properly by our team of trusted managed services marketing specialists). Trust our team of trusted MSP marketing professionals to make sure your WordPress website is secured and setup correctly from day one.
Many MSP websites across the web have recently been targeted by an extensive distributed brute force attack. The attack attempts to gain access to the administrator account on WordPress sites by systematically running through a variety of password iterations. Since the attack originates from thousands of different IP addresses, it is difficult to block at the network level. But, not to fear, Ulistic MSP websites through our partnership with Siteground were protected from all threats.
Last night, Siteground reported to Ulistic for those MSP websites we manage with this global WordPress hosting leader, the attack impacted performance for several MSP websites across the Internet, regardless of whether WordPress was installed on their site. Our team of MSP marketing experts worked with siteground, and have taken several proactive measures to mitigate the security threat for those client websites our team protects. In some cases, we temporarily disabled the ability to log in to WordPress sites that were under attack – which also protected these sites from being compromised. As of this morning, April 11, 2013, all servers are back to normal performance levels and login functionality has been restored.
If you have installed WordPress on your MSP website and you are not currently working with Ulistic or siteground please take a minute or two to make sure your site is protected against attacks like this one. Here are some basic security tips:
- The easiest thing you can do to increase the security of your site is to change both the admin username and password. By default, the administrator login name is set to “admin” – and most brute force scripts have this ID and some basic variations (e.g. administrator, root, test, etc…) hardcoded as the IDs they attempt to break into. Change the username for your administrator account to something obscure.
- Make sure your password is strong. You know the drill: more than 8 characters, letters and numbers, no English words, no dates, mixture of capitals and lower case. Consider using a random password generator and a secure password manager to store it so you don’t have to memorize it.
- Install a security enhancing plug-in. The core WordPress application lacks some basic security features, such as the ability to limit the number of failed login attempts. Fortunately, you can add functionality like this via some popular plug-ins:
- Bad Behavior: http://wordpress.org/extend/plugins/bad-behavior/
- Better WP Security: http://wordpress.org/extend/plugins/better-wp-security/
- Limit Log-in Attempts: http://wordpress.org/extend/plugins/limit-login-attempts/
Are you looking for a better and performance driven MSP website solution? One that is fully managed by a team of MSP marketing professionals? Need something that is easy to work with and doesn’t take away from your daily duties providing IT services.
Call Ulistic at 716.799.1999 ext 102 and speak with us today about your MSP marketing needs.
To sign up with Siteground to host your MSP website, click here. There is no hosting company better than these guys. You will not be disappointed.