
Defending against Joomla and WordPress attacks!

ID 10088163

In recent weeks we have seen a lot of brute-force attacks against WordPress and Joomla admin pages.

Unfortunately we cannot fully eliminate them, because the attacks come from many hundreds of different IP addresses and there is no clear attack pattern. The problem has to be resolved, and the website secured, by the creator of the website.


How can you tell that there is a problem? The website is almost certainly under attack if:
- the website slows down significantly
- a lot of registration and forgotten-password emails arrive
- the disk space suddenly fills up
- a security component, if you already have one installed, reports it
- in cPanel, the CPU, memory and entry process values under Statistics in the left pane are already in the red, because the hosting's resource demand has greatly increased
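
One way to confirm such an attack from the web server's access log, as an added example (not part of the original article): it counts POST requests to the login endpoints named on this page and reports whether they are spread over many source IPs. It assumes the Apache common/combined log format; the log lines and the `min_posts` threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Login endpoints named in the article (Joomla admin, WordPress login, XML-RPC).
TARGETS = ("/administrator", "/wp-login.php", "/xmlrpc.php")
# Apache common/combined log prefix: ip ident user [time] "METHOD path proto" status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def summarize(lines, min_posts=5):
    """Per login endpoint: POST count, distinct source IPs, busiest IP, and
    whether the traffic is distributed (no single IP sends more than half).
    min_posts is an assumed threshold below which nothing is flagged."""
    per_target = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(2) != "POST":
            continue  # malformed line, or not a login/XML-RPC submission
        ip, path = m.group(1), m.group(3).split("?", 1)[0]
        for target in TARGETS:
            if path == target or path.startswith(target + "/"):
                per_target[target][ip] += 1
    report = {}
    for target, hits in per_target.items():
        total, (top_ip, top_n) = sum(hits.values()), hits.most_common(1)[0]
        report[target] = {"posts": total, "sources": len(hits), "top": (top_ip, top_n),
                          "distributed": total >= min_posts and top_n * 2 <= total}
    return report

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = """\
192.0.2.11 - - [10/Mar/2014:10:00:01 +0100] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.57 - - [10/Mar/2014:10:00:01 +0100] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.4 - - [10/Mar/2014:10:00:02 +0100] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.90 - - [10/Mar/2014:10:00:02 +0100] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.8 - - [10/Mar/2014:10:00:03 +0100] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.11 - - [10/Mar/2014:10:00:03 +0100] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.8 - - [10/Mar/2014:10:00:04 +0100] "GET /index.php HTTP/1.1" 200 9000
203.0.113.77 - - [10/Mar/2014:10:00:05 +0100] "POST /xmlrpc.php HTTP/1.1" 200 370
203.0.113.77 - - [10/Mar/2014:10:00:05 +0100] "POST /xmlrpc.php HTTP/1.1" 200 370
198.51.100.4 - - [10/Mar/2014:10:00:06 +0100] "POST /administrator/index.php HTTP/1.1" 303 0
""".splitlines()

if __name__ == "__main__":
    for target, stats in summarize(SAMPLE_LOG).items():
        print(target, stats)
```

A "distributed" result is the situation described above, where blocking individual IP addresses does not help and access to the admin pages has to be restricted instead.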

What can you do in such a case?
Always keep the framework up to date. Secure the admin interfaces so that only those who are entitled to it have access.

Protecting Joomla: Password-protect the /administrator directory; you can do this in cPanel with the password protection menu item. Another solution is to use .htaccess to allow only trusted IP addresses to access the /administrator directory. If neither is suitable, you can use FTP or the cPanel file manager to simply disable the /administrator directory (take the permissions away, from 0755 to 0000), and when you need it, set the permissions back for as long as you are editing. This solves the problem.

For more tips on protecting the Joomla admin, see: http://anything-digital.com/blog/security-updates/3-joomla-security-tips-to-protect-against-brute-force-attacks.html

Other Joomla protection add-ons: http://extensions.joomla.org/extensions/access-a-security/site-security/login-protection

Protecting WordPress: The wp-login.php file is almost always the one being attacked. You can protect it by simply removing all permissions from it and, when you need it, setting the permissions back to 0644. We do not recommend the installation of the Wordfence Security application! Another method is IP restriction with .htaccess. Create a .htaccess file and put the following code in it:

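RewriteEngine on
# Match requests for the login page or the admin area ...
RewriteCond %{REQUEST_URI} ^/wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/wp-admin$
# ... that do not come from the allowed address, and answer them with 403 Forbidden
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
RewriteRule ^(.*)$ - [R=403,L]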

In the line before the last one, replace 123.123.123.123 with your own IP address or IP range, so that only you can access the admin section.

You can download the htaccess file from here; just rename it to .htaccess after uploading!

WordPress.org's advice for such cases: http://codex.wordpress.org/Brute_Force_Attacks

The WP Admin Protection (by SiteGuarding.com) plugin works well against wp-login attacks, because wp-login can no longer be called directly; you can change the address used to access wp-login!

Another form of attack against WordPress is the xmlrpc.php POST attack. In this case put the following code in the .htaccess file:

Make sure there is no space before Files and /Files!

# Apache 2.2 access-control syntax (needs mod_access_compat on Apache 2.4)
<Files "xmlrpc.php">
Order Allow,Deny
Deny from all
</Files>

You can download the htaccess file from here; just rename it to .htaccess after uploading!

You can install the following plugin against the xmlrpc attack: Remove XMLRPC.PHP Pingback Ping

More solutions can be found in the forum: http://wordpress.org/support/topic/xmlrpcphp-attack-on-wordpress-38

as well as on this site: http://blog.spiderlabs.com/2014/03/wordpress-xml-rpc-pingback-vulnerability-analysis.html

Another useful site: http://perishablepress.com/wordpress-xmlrpc-pingback-vulnerability/comment-page-1/

Best of all, to optimize operation, always update your applications and framework, and speed up your website. Possible solutions: caching, gzip, CSS compression, optimizing pictures and video(s) for the web, etc. These dramatically speed up the website and ease the load on resources.

On our own WP pages we use these plugins, with the appropriate settings, without any problem:
Akismet
Country Code Failed Login
Google CAPTCHA
Wordfence Security

Please note that the application runs on your hosting space, so you must ensure its safe operation. If this does not happen, we will suspend the page immediately and without notice, to protect ourselves and our users.

If you have additional questions, please call us and we'll help you.
