How to Repel WordPress Brute Force Attacks
In a brute force attack, the attacker randomly tries username/password combinations until one works. In the case of the ongoing attack against WordPress sites, the attackers are simply going after sites with the username "admin" and attempting to brute force the password.
There are a number of things users can do to help mitigate the risk of the current round of WordPress brute force attacks.
Matt Mullenweg, creator of WordPress, suggests that WordPress administrators start by choosing a user name other than "admin" for the root control of their WordPress installation. Mullenweg also suggests the use of a strong password as detailed in a support note posted on the WordPress.com website.
Users of the WordPress.com hosted service now also have the option for two-factor authentication. WordPress is leveraging the Google Authentication two-factor technology to secure WordPress.com users. With two-factor authentication, a second password that is uniquely generated at specific time intervals is required to log into a site.
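How a time-based second password of this kind can be generated and checked on the server side, as an added example that is not part of the original article and not WordPress.com's code. It assumes the TOTP scheme of RFC 6238 (HMAC-SHA1, 30-second intervals); the function names, the one-interval drift window and the replay check are illustrative choices.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code interval (RFC 6238 default; assumed here)
DIGITS = 6   # code length shown by typical authenticator apps


def totp(secret: bytes, at: float, step: int = STEP, digits: int = DIGITS) -> str:
    """Derive the one-time code for the interval that contains time `at`."""
    counter = int(at) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte picks 4 bytes.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, at: float,
           last_used_counter: int = -1, drift: int = 1):
    """Return the interval counter the code matched, or None if rejected.

    Accepts codes from `drift` intervals either side of `at` to tolerate
    clock skew, and refuses any interval at or before `last_used_counter`
    so a captured code cannot be replayed inside its validity window.
    """
    now = int(at) // STEP
    for counter in range(max(0, now - drift), now + drift + 1):
        if counter <= last_used_counter:
            continue
        expected = totp(secret, counter * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter
    return None


if __name__ == "__main__":
    key = b"12345678901234567890"   # RFC 6238 test key, not a real secret
    code = totp(key, 59)
    print("code at t=59:", code)
    print("fresh login:", verify(key, code, 59))
    print("replayed:", verify(key, code, 59, last_used_counter=1))
```

The caller stores the returned counter per user and passes it back as `last_used_counter` on the next login attempt.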