more wordpress brute forcing…

(originally written april 9th.) OK. so the wordpress password guessing game changed this morning. We started getting hit fast and hard. I’ve seen everything from 180 guesses in 23 seconds to 2000 in 120 seconds. And then there are (still?) the stealth scanners… 43 guesses in 10 hours. I don’t see any easy fixes. I’m […]

wordpress brute forcing :(

Looks like a fair number of wordpress installations are being brute-forced… SUCCESSFULLY :( I guess the fix is going to have to be to automate the installation of something like the Limit Login Attempts plugin … but I believe we also need a script to reset admin passwords, certainly for compromised accounts both things need […]