If you’ve been a subscriber for a while, or have taken the time to browse our blog archive, you know that I talk frequently about security. Even the most vigilant of us get affected from time to time, as Internet villains find new ways to practice their nefarious deeds.
Our new hosting provider (InMotion Hosting) sent an email last night to notify us that our account was experiencing an “Account Resource Overage”. I immediately panicked, thinking that something was wrong with our WordPress install, or our disks were full, but nothing seemed amiss. I sent a response back to InMotion asking for more details.
Turns out we were the target of a brute force attack.
A hacker tried to log into our site over 1,500 times in a matter of a few minutes. InMotion blocked the offending IP address.
The hacker never got in. No accounts were compromised. “How is that possible?” you may ask.
Strong passwords, and an excellent security plugin. A HUGE lifesaver.
So why the account resource overage warning?
By virtue of attempting to log in, the hacker used processor power from our server. Many, many times more processor power than was normal. All in the hope that they could guess a password. The more attempts guessing, the more power used. Eventually, it would have made our site unusable.
It can happen to you! So, how to stop that from happening…
One way is to require yet another username and password before even getting to the WordPress login screen. See “Password Protect wp-login.php” in the brute force attack article. Not a realistic option. I already have enough passwords, thank you very much.
Instead, I choose to Deny Access to No Referrer Requests. I won’t bore you with the details; you can Google it or read the linked article if you’d like to learn more.
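As an added example (not from the original post or from InMotion), the Python sketch below scans web-server access-log lines for the pattern described above: bursts of POSTs to wp-login.php from one IP, and how many of them arrived without a referrer from the site itself, which is what a no-referrer rule rejects. The log lines, the host name `blog.example`, the Apache "combined" log format and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Apache "combined" format: ip, timestamp, method, path, referrer (assumed format).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" \d{3} \S+ "([^"]*)"')

def find_bruteforce(lines, site_host, threshold=5, window=timedelta(minutes=5)):
    """Flag IPs with >= threshold login POSTs inside any sliding window."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path, referrer = m.groups()
        if method != "POST" or not path.startswith("/wp-login.php"):
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        # A browser submitting the login form sends the site's own URL as referrer.
        own_referrer = urlparse(referrer).hostname == site_host
        hits[ip].append((when, own_referrer))
    flagged = {}
    for ip, events in hits.items():
        events.sort()
        start = peak = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = {
                "attempts": len(events),
                "peak_in_window": peak,
                "no_referrer": sum(1 for _, own in events if not own),
            }
    return flagged

def _line(ip, sec, method, path, referrer):
    # Builds one constructed log line; documentation-range IPs only.
    return (f'{ip} - - [10/Jan/2024:03:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" 200 512 "{referrer}" "-"')

# Constructed sample: six rapid referrer-less login POSTs, plus one normal visitor.
SAMPLE = [_line("203.0.113.7", s, "POST", "/wp-login.php", "-") for s in range(6)] + [
    _line("198.51.100.20", 10, "POST", "/wp-login.php", "https://blog.example/wp-login.php"),
    _line("198.51.100.20", 40, "GET", "/", "-"),
]

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE, "blog.example", window=timedelta(minutes=1)))
```

A high `no_referrer` count for a flagged IP indicates the burst would have been turned away before WordPress ever processed the login attempts.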
What can you do?
Read the security articles I wrote (if you haven’t already). Create strong passwords, especially for your WordPress login (if you haven’t already). Change your passwords occasionally. If you’ve purchased a site setup, transfer, or maintenance plan from us, you already have a solid security plugin installed. Check that off your list.
What we’ll be doing: Over the next week, I’ll be applying the same No Referrer Request patch to all current Integrant Services customers, even if you aren’t on a maintenance plan. Free of charge.
It’s what we do.
You shouldn’t notice anything different; if you do, contact [email protected] ASAP so we can fix it.
Happy (and safe) blogging!