6Scan Ltd., a provider of website monitoring and security for small businesses, has responded to the ongoing wave of brute force attacks on WordPress websites by offering a free service for web hosting companies. With 6Scan’s cPanel plug-in installed on Linux servers, hosting companies can now offer their customers free vulnerability scanning and one-click automated repair.
Hackers reportedly are using a homegrown botnet to execute brute force attacks against WordPress websites, using the username “admin” and commonly used passwords to seek entry. The attacks began earlier this month and more than 100,000 websites are now infected. The goal of the attack is to install backdoors onto web servers, which are more powerful than desktops and are more valuable as a botnet.
“This threat is sophisticated and significant in scope,” according to 6Scan Cofounder Nitzan Miron. “However, defending against these types of attacks should not be complex, nor should it be costly. The program we’ve developed benefits the entire website ecosystem: web hosting companies, website owners and website visitors. These benefits are available at no cost to the hosting companies or site owners.”
During the initial days of the WordPress attack, 6Scan-protected websites saw a surge of 40 percent in malicious requests, reported Miron, who added that not a single 6Scan-customer website was breached. As documented in recent reports from Verizon and Symantec, the threat to small businesses from cyber-attacks is growing. Add to that the enormous popularity of WordPress, and these types of attacks are inevitable.
CLO Inside Scoop: With the growing popularity of WordPress, website owners and hosts need to be vigilant and proactive in order to safeguard against such attacks. Services like 6Scan’s are a valuable entry in this field. Has your WordPress site been hit? One common warning sign that your WP site is being attacked is that it suddenly slows down, crashes or becomes unreachable. Do-it-yourself defense against the botnet includes upgrading to the latest version of WP, hunting down and changing “admin” logins, switching to stronger passwords and turning on WordPress’ Duo Security two-factor authentication. (Check out the Duo Security plug-in here http://wordpress.org/extend/plugins/duo-wordpress/).
(For more information visit http://www.6scan.com.)
Recent Comments