You may have heard about the huge attack on WordPress sites happening right now. One or more botnets (large networks of compromised computers that are being used maliciously) are attacking WordPress sites across the world by trying to break into sites using the “Admin” username and guessing passwords. Here is what we have done and what we know.
- Local “Admin” usernames have been disabled on all networks. In fact, this step was completed many months ago as a precaution. AD and Shibboleth, our authentication methods, will not permit a user, or a compromised network of computers, to sign in with that username.
- AD (sites.unc.edu) is also protected from brute force attacks by locking out users after three failed attempts for 30 minutes.
- A number of other security-related measures have been employed to reduce exposure to vulnerabilities.
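The two controls above (refusing the disabled local “Admin” username, and locking an account for 30 minutes after three failed attempts) are easy to get subtly wrong, so here is a small model of them. This is an added example written for this post, not UNC's code, and it does not reflect how AD or Shibboleth implement these policies internally; the credential store, user names and the injectable clock are constructed for illustration.

```python
"""Login gate modelling two brute-force mitigations from the post:
1. a disabled local "admin" username is refused outright;
2. an account is locked for 30 minutes after three failed attempts.
Added example, not UNC's code. Thresholds come from the post; the
credential store and the injectable clock are constructed for illustration.
"""
from __future__ import annotations

import hashlib
import hmac
import time
from dataclasses import dataclass

LOCKOUT_THRESHOLD = 3           # failed attempts before lockout (from the post)
LOCKOUT_SECONDS = 30 * 60       # 30-minute lockout (from the post)
DISABLED_USERNAMES = {"admin"}  # local "Admin" accounts are disabled network-wide


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow salted hash so a stolen store cannot be cracked cheaply."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class AccountState:
    failures: int = 0          # consecutive failures since last success/lockout
    locked_until: float = 0.0  # epoch seconds; 0 means not locked


class LoginGate:
    def __init__(self, credentials: dict[str, tuple[bytes, bytes]], clock=time.time):
        # credentials: username -> (salt, pbkdf2 hash); constructed sample data.
        # clock is injectable so the lockout window can be tested deterministically.
        self._creds = credentials
        self._clock = clock
        self._state: dict[str, AccountState] = {}

    def attempt(self, username: str, password: str) -> str:
        """Return one of 'disabled', 'locked', 'failed', 'ok'."""
        name = username.lower()              # "Admin" and "admin" are the same account
        if name in DISABLED_USERNAMES:
            return "disabled"                # refused before any password check

        state = self._state.setdefault(name, AccountState())
        now = self._clock()
        if now < state.locked_until:
            return "locked"                  # even a correct password is refused while locked

        record = self._creds.get(name)
        if record is None:
            # Unknown user: do a dummy hash so response time does not reveal
            # which usernames exist.
            hash_password(password, b"\x00" * 16)
            ok = False
        else:
            salt, stored = record
            ok = hmac.compare_digest(hash_password(password, salt), stored)

        if ok:
            state.failures = 0
            return "ok"

        state.failures += 1
        if state.failures >= LOCKOUT_THRESHOLD:
            state.locked_until = now + LOCKOUT_SECONDS
            state.failures = 0               # counter restarts when the lock expires
        return "failed"


if __name__ == "__main__":
    salt = b"constructed-salt"
    gate = LoginGate({"alice": (salt, hash_password("correct horse", salt))})
    print(gate.attempt("Admin", "anything"))   # disabled
    for _ in range(3):
        print(gate.attempt("alice", "wrong"))  # failed x3 -> account now locked
    print(gate.attempt("alice", "correct horse"))  # locked, despite the right password
```

Two details matter for the policy the post describes: the lock check runs before the password check, so a guessed-correct password during the lockout window still yields “locked”, and the username is normalised so “Admin” and “admin” are treated as the same disabled account.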
As with all things security-related, we will continue to monitor this and other potentially dangerous situations. As a reminder, enterprise WordPress sites on the ‘sites.unc.edu’ network require VPN for off-campus site editing.
Here are a few related posts in case you have a stand-alone WordPress site:
