WordPress DDOS Attack

So within a week of me moving many of my WordPress sites to my new Cloud VPS all my sites went down! It isn’t the fact that it is on a new hosting platform why I am writing this is because the new support team from Webair was able to tell me what the issue actually was. They didn’t beat around the bush or tell me to use some caching program, they told be the root of the problem and even offered to fix it for me!

Hackernews had a detailed article back in September about a huge WordPress issue dealing with WordPress DDOS attack on the login.php file. They recommend the obvious, avoid weak passwords, scan computer for virus, and keep your core WordPress and Plugins up-to-date. But this doesn’t help with the pounding of your server. It still will get hit.

I did a little research for a simple plugin that would blacklist IP’s after a short amount of failed attempts. Why? Because I felt I didn’t a over bloated WordPress security plugin as I use Secure passwords (thanks LastPass.com) and all my sites I maintain, I keep up-to-date. I just needed something simple.  I cam e across Botnet Attack Blocker. It has three settings and one option.

botnet_attack_blocker

The one option is for that one client that can never remember their password and needs the 10 attempts, just white list their IP. Now that is simple.

Leave a comment

Your email address will not be published. Required fields are marked *