It's Wordpress They're After

Even if a Wordpress website is personal, hackers find it by searching for signs of life in the software itself.

As of late the new hack is a system of "hammering attacks" on the Login Page (wp-login.php and xmlrpc.php) of Wordpress websites.

Once a bot starts on yours, it doesn't stop. The damage is imminent even if they never gain access.

Of course you could remove those files, but your site won't run properly. Setting permissions to 0000 is only a temporary solution: applied to the files, it cripples the site, and applied to the site, it makes the site unseen to all.

It sounds innocuous at first, but 1000s of attempts per minute over periods of 12-24 hours eventually cause a site to top out server resources; the result is that the site turns off. Sure, it'll turn back on in a day or so, but the bot tends to return.

Sadly, once a site is targeted, it suffers constant grief.

Such attacks have occurred to a few clients at COOLCOM, and according to some Google searches this is the number one growing issue in attacks on Wordpress websites. Left vulnerable to this kind of attack, the expense of getting rid of the bot rises.

The fees to recover a site and apply fixes once it has been targeted and brought down are upward of 50.00.

Not being found to begin with is the best defense. Here's how. 

We've tried several methods of deterring this kind of intrusion, and arrived at and tested what has turned out to be an excellent and relatively simple solution. Please take the time to apply this fix to your hosting account. Each Wordpress installation should have this procedure done.

Your site should have a file called .htaccess. It is necessary for your site to run properly. Wordpress will have created one for you during the installation of the program, but fills it with only the bare minimum. You need to edit this file, adding the following lines to the top:

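# Tag any request whose User-Agent header matches "Firefox/40.1" (case-insensitive)
SetEnvIfNoCase User-Agent "Firefox/40.1" tool
# Refuse tagged requests (on Apache 2.4 this directive needs mod_access_compat)
Deny from env=tool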

Once this is added the bot will be eluded. Your site is off the radar. 
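
The rule only refuses requests whose User-Agent matches "Firefox/40.1", so it is worth checking the access log to see what the bot hitting your site actually sends. The Python script below is an added example, not part of the original article or COOLCOM's tooling; it assumes Apache's combined log format, and the sample log lines, addresses and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" log format (assumed); only the fields used below are captured
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")  # the two files named in the article
RULE_UA = re.compile(r"Firefox/40.1", re.I)     # same pattern as the rule; Apache treats it as a regex


def summarize(lines, per_minute_threshold=3):
    """Tally POSTs to the login files per (ip, minute) and per User-Agent."""
    per_minute, per_ua = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line, or not a login/XML-RPC submission
        if not m["path"].split("?", 1)[0].endswith(LOGIN_PATHS):
            continue
        per_minute[(m["ip"], m["ts"][:17])] += 1  # ts[:17] keeps day, hour and minute
        per_ua[m["ua"]] += 1
    noisy = {k: n for k, n in per_minute.items() if n >= per_minute_threshold}
    # True where the .htaccess rule would refuse requests carrying this User-Agent
    covered = {ua: bool(RULE_UA.search(ua)) for ua in per_ua}
    return noisy, per_ua, covered


# Constructed sample log lines (documentation-range addresses, made-up agents)
FF_UA = "Mozilla/5.0 (Windows NT 6.1; rv:40.0) Gecko/20100101 Firefox/40.1"
SAMPLE = [
    f'203.0.113.7 - - [10/Oct/2015:13:55:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "{FF_UA}"'
    for s in (1, 2, 3)
] + [
    '198.51.100.20 - - [10/Oct/2015:13:55:09 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "ExampleScanner/1.0"',
    '192.0.2.44 - - [10/Oct/2015:13:56:12 +0000] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0 Firefox/41.0"',
]

if __name__ == "__main__":
    noisy, per_ua, covered = summarize(SAMPLE)
    for (ip, minute), n in noisy.items():
        print(f"{ip} sent {n} login POSTs during {minute}")
    for ua, n in per_ua.most_common():
        print(f"{n:5d}  rule matches: {covered[ua]}  {ua}")
```

Any User-Agent listed with "rule matches: False" is still reaching wp-login.php or xmlrpc.php after the .htaccess change.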

If you are not sure how to do this, or have no htaccess file, our techs can do this for you.

Please request this patch at the Support Desk

A nominal fee of 9.50 is charged per website. (If you have more than 5 sites, let us know; we can assemble a custom quote.)

If you don't host at COOLCOM we can still apply this fix.

Please request this patch for your Wordpress site at the Support Desk

We would additionally need your site FTP or cPanel info; please include this on your Secure Ticket.

A nominal fee of 14.50 is charged per website. (If you have more than 5 sites, let us know; we can assemble a custom quote.)

Written by: Henk von Pickartz
