WordPress sites are being bombarded with attacks the number of attacks from this campaign is outpacing all other attacks on WordPress vulnerabilities combined.
Click here for the full WordFence article.
One of the sites we maintain was hit by over 1000 login attempts overnight. To shut this down we have blocked all connections from the originating country – in this case, it was from China. This doesn’t mean the attacker is in China – merely that is where the connection was being routed through.
If you have your website hosted and maintained by PAAC IT, there is no action you need to take – we have you covered!
If not, here are a few quick tips to get your site secure.
- Update WordPress to the latest version WordPress 5.4.1
- Update all plugins
- Remove plugins that are not being updated or supported
- Install and run WordFence – we use the premium on all of our customers without exception
- Update all themes – you might need to pay for a subscription to the theme
- Set up alerts so you know when you’re under attack.
- Actually read the alerts! Block countries and IP addresses that attack you
- Check who has admin rights – remove accounts that don’t need to be there
- Change passwords and make them complex!
- Ensure ALL admin accounts have 2FA enabled.
As ever if you need any help, reach out to me at firstname.lastname@example.org.
If you haven’t already – make sure you subscribe to IT Insights to get alerts just like this straight to your inbox.