Today I read another article about a new security issue in WordPress that was being exploited: a brute force attack on the XMLRPC function system.multicall. In essence, some hackers/bad bots were using the function to attack the XMLRPC area not once per call (the normal) but up to 500 times per call. A Brute Force Amplification Attack.
You can read more about it on the Sucuri Labs Blog.
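One way to spot the amplification described above from the defending side, as an added example that is not from the original post or from Sucuri: count the sub-calls packed into each system.multicall body and refuse requests over a limit. The threshold, the function names and the placeholder method `example.method` are assumptions, and the sample bodies are constructed.

```python
import xml.etree.ElementTree as ET
import xmlrpc.client
from collections import Counter

MAX_SUBCALLS = 5  # assumed policy threshold; tune to what your real clients send


def build_sample(n: int) -> str:
    """Constructed test input: a system.multicall body carrying n placeholder sub-calls."""
    calls = [{"methodName": "example.method", "params": [i]} for i in range(n)]
    return xmlrpc.client.dumps((calls,), methodname="system.multicall")


def inspect_xmlrpc_body(body: str, max_subcalls: int = MAX_SUBCALLS) -> dict:
    """Count how many calls one XML-RPC POST body carries and decide whether to block it."""
    verdict = {"method": None, "subcalls": 0, "by_method": {}, "block": True, "reason": ""}
    # Refuse DTDs before parsing: the stdlib parser expands internal entities.
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        verdict["reason"] = "dtd-not-allowed"
        return verdict
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        verdict["reason"] = "malformed-xml"
        return verdict
    verdict["method"] = (root.findtext("methodName") or "").strip()
    if verdict["method"] != "system.multicall":
        verdict.update(subcalls=1, block=False, reason="single-call")
        return verdict
    # Each sub-call is one <struct> in the array that is multicall's only parameter.
    structs = root.findall("./params/param/value/array/data/value/struct")
    names = Counter()
    for struct in structs:
        for member in struct.findall("member"):
            if member.findtext("name") == "methodName":
                names[(member.findtext("value/string") or "").strip()] += 1
    over = len(structs) > max_subcalls
    verdict.update(subcalls=len(structs), by_method=dict(names), block=over,
                   reason="multicall-over-limit" if over else "multicall-within-limit")
    return verdict


if __name__ == "__main__":
    for n in (2, 500):
        v = inspect_xmlrpc_body(build_sample(n))
        print(n, v["subcalls"], v["block"], v["reason"])
```

The same count is worth logging per source address even for requests under the limit, since one HTTP request in the access log can hide hundreds of attempts.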
If you are a WordPress site owner or developer and this doesn’t scare you – then hopefully it’s because you really are secure. But let me tell you something…
If you rely on a plugin within WordPress for your security, you are NOT safe from attack!
I am serious, no plugin alone can ever stop you being attacked. If it somehow blocks every exploit (which it won’t), it still can’t defend your site against brute force attacks.
I talk from experience when I say ‘attacks are scary’ and that ‘plugins don’t work for security’ – last August SEOAndy was attacked, again and again, in the hope of just bringing the site down. You can read about what I learned from my WordPress site being attacked here.
Since then attacks have been constant, but have had no effect on this website – not for a moment since has it come close to being out of action due to a brute force attempt or hacking. The reason is simple, and it is what makes WordPress Security Easy!
Yes, I said Security and Easy in the same sentence!
The reason is that I use CloudProxy from Sucuri Labs.
CloudProxy is a Web Application Firewall service. To put that simply, it is a special firewall built to protect websites made with WordPress or some other CMS. But CloudProxy is special because they are specialists in patching zero-day exploits for WordPress, and this doesn’t mean they fix the code on your site. When you direct traffic via CloudProxy, they virtually patch the code for known exploits, as well as filtering out bad bots (brute force attackers) and much more. Plus, you can even use CloudProxy to cache your site.
CloudProxy is also really affordable with plans starting from $10USD per month per site.
CloudProxy is all you need for WordPress protection. Setup is really easy: choose a CloudProxy plan, follow the wizard, repoint your nameservers (to use their DNS and take full advantage of brute force protection) and that’s it. Nothing to change on your server or website, simple and easy.
Bonus: You don’t need to (we don’t on most sites), but you can install the CloudProxy plugin too; this will take you step by step through “hardening” your WordPress install.
Don’t be a fool and think your website won’t be attacked just because it has never been before, there is always a first time – and it’s normally the worst.
Sign up to CloudProxy Today and stay protected.