10 Apr
2013
Recent WordPress Brute Force Attempts and More – Solved!
Update: How our approach to the Global WordPress Brute force attack is better than what we see other hosts now do.
At the time we post this there were not many official statements made by other web hosts, now more than 24 hours later we have seen several official statements how other approach the problem, and we would like to turn your attention to the fact that the solution to the Global WordPress brute force attack, proposed by the majority of the other hosts has some serious limitations. It is based on editing .htaccess files. We believe that this is only a partial fix to the problem. If your host relies only on .htaccess rules to stop the attackers, they actually allow them to reach your server, make requests, process those requests, check whether they should be blocked and then finally reject them. All that causes server load and makes your site slower, even if the brute-force attempt is stopped. Last but not least, this causes problems for the people who don’t know about the attack and only see themselves unable to access their sites.
We at SiteGround have taken a different approach preventing attackers from even reaching the server. This means that no load is caused on the server, no sites are slowed down and all targeted sites are protected in a way that most of our customers won’t even notice the attack!
It seems spammers and hackers didn’t get much sleep the last few weeks. We’re seeing an abnormal amount of hacking and bruteforce attempts towards Joomla and WordPress sites the last two and a half weeks. Additionally, the popular WordPress plugin Social Media Widget was reported to have suddenly started to insert hidden spam SEO links. Solving these problems immediately became our security team’s goal number one. There were some easy solutions like fully restricting the access to the application login forms for the time of the attacks and forceful removal of all faulty plugins. We saw other hosts take these actions. However, we do not like easy security solutions that make customers feel punished, while other people are the real wrong-doers. Guided by this belief we once again solved the problems in our own way – efficiently and at the same time user-friendly.
UPDATE: SiteGround has now launched auto-updates for Joomla applications as well! All our Joomla users can now enjoy the same benefits and subscribe for free auto-updates of their application from the SiteGround auto-update tool in their cPanel. For a detailed tutorial how to turn on auto-updates for Joomla, 
We started in 2004 with very little experience, but multiple times as much enthusiasm. We were a group of tech geek friends committed to learn and improve – and so we did. We very soon managed to make a name for ourselves as a small web hosting company with great potential. Our investment in skills and people in the form of multiple technical and management trainings paid off pretty soon. In short time we had everything we believed a good web hosting company should offer – fast and reliable hosting infrastructure, a variety of feature-rich hosting plans to fit the needs of any type of website, and first-class customer service ranging from our sales representatives to server administrators and technical support experts.
As you may already know, in SiteGround we’ve always been in pursuit of server tweaks, hacks and optimizations with one primary goal – deliver the fastest possible (and secure at the same time) website loading speed. We know how important it is for a website to load fast, how frustrating it is having to wait for 15 seconds just to see a header banner image and then 10 more seconds to load the body of the website. And nowadays even search engines like Google take into account website loading speed when it comes to search results.
Latest Comments