Cyber Attacks Against US Sites and WordPress From China On the Rise

Over the past several years, cyber attacks against companies worldwide have continued to escalate. While the government has not made any official comment on the problem, industry experts, web hosts and software makers have issued security alerts and patches to help combat the onslaught of attacks that seem to originate predominantly from China, Russia and Turkey.

The primary targets of brute force attacks, at the time this blog is being published, are WordPress websites. That is not to say that attacks are not being directed at other content management systems, FTP servers or other hosting-related services. It seems that there is a concerted effort by China-based hackers to exploit known security problems in the popular blogging platform. The majority of IP addresses being used to attack sites are based in China.

So, what can you do to protect your site? Here are a few tips.

  1. Update your software to the latest version. This includes your CMS (e.g. WordPress) and all plug-ins.
  2. Ask your hosting company to update PHP, MySQL and other hosting-related software.
  3. If you can afford it, move to a dedicated hosting server so security problems on other websites hosted on the same server do not provide hackers access to your website.
  4. Create a new administrator account with a secure password.
    • Do not use words found in the dictionary
    • Use upper and lowercase letters, numbers and punctuation marks
    • Use at least 8 characters
    • Make it easy to remember, for example: IL0veGr@pe$2
  5. Delete or disable the "admin" or "administrator" account.
  6. Use .htaccess passwords to protect the administrator area of your site.
  7. Use .htaccess IP address blocking to block visitors from countries where you do not do business.
  8. Install anti-virus software on your personal computer.
  9. Install backup software and use it to back up your website any time you make changes.
  10. Create a disaster recovery plan with step-by-step instructions on how to restore your website, and include emergency contact phone numbers and account information you will need to get the job done.
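
Tips 6 and 7 as an added example (not part of the original post), written for a WordPress site on Apache 2.4. The password file path, the user name and the blocked address ranges are placeholders and must be replaced with your own values.

```apache
# --- File: wp-admin/.htaccess (Apache 2.4 syntax) ---
# Tip 6: ask for an HTTP Basic password before the WordPress admin area loads.
# The AuthUserFile path is a placeholder; keep the file outside the web root
# and create it with: htpasswd -c /path/outside/webroot/.htpasswd USERNAME
AuthType Basic
AuthName "Restricted"
AuthUserFile /path/outside/webroot/.htpasswd
Require valid-user

# Plugins and themes call admin-ajax.php on behalf of anonymous visitors,
# so leave this one file open or parts of the public site may stop working.
<Files "admin-ajax.php">
    Require all granted
</Files>

# --- File: .htaccess in the site root ---
# wp-login.php sits outside wp-admin/, so it needs its own password rule.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /path/outside/webroot/.htpasswd
    Require valid-user
</Files>

# Tip 7: refuse requests from listed address ranges.
# The three ranges below are reserved documentation networks (RFC 5737)
# used here as placeholders; substitute the ranges you actually want to block.
<RequireAll>
    Require all granted
    Require not ip 192.0.2.0/24
    Require not ip 198.51.100.0/24
    Require not ip 203.0.113.0/24
</RequireAll>
```

With Apache's default `AuthMerging Off`, the password-protected sections replace the IP rule rather than adding to it, so the login page and admin area are guarded by the password alone. Serve the site over HTTPS, since Basic authentication sends the password with every request.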

