UPDATE: Security Threat to WordPress
Last week, we informed customers of a security threat to WordPress websites, which is being facilitated by a very large and well-connected botnet.
In the past week, we have fared reasonably well against the attack by mitigating the volume of login attempts to customers’ WordPress websites. Unfortunately, a more focused and massive attack was executed this morning, which did partially impact the availability (up-time) of some websites.
After our review of this attack, and weighing the likelihood of future attacks, we are opting to take proactive steps to mitigate the damage from such future attacks, and ensure that customer websites remain up and running.
Effective today, April 25th, we will be inserting an additional login page that you must pass before you can access the traditional WordPress dashboard login page.
The username and password required to proceed will be shown on the page. Adding this extra login is a simple but effective method of preventing the botnet attack from reaching your true WordPress dashboard login page. This additional page gives your website an additional layer of security, and it also prevents the massive number of requests to the dashboard login page that are at the heart of the attack.
The front-end or ‘public’ portion of your website will not be affected by this change.
We are uncertain how long this additional measure will need to remain in place; however, it is expected to be in place for the medium to long term.
For assistance, please contact our Support Dept. at 1-866-221-7878 or support@webnames.ca
Sincerely,
Webnames.ca Technical Support
I understand the requirement for extra security on the admin page. However, we have a password-protected page on our website for our members, and the pop-up requesting webnames credentials also comes up on that page. It’s confusing for our members – can this be changed so that only the admin page of the site is affected?
Thanks!
Hi David,
This plugin can be used as a solution to your issue http://wordpress.org/plugins/theme-my-login/
You can use the plugin to change the URL of the login page and as long as you change it to anything other than the default URL, the pop-up will not occur.
If you need help setting the plugin up, feel free to contact us at 1-866-221-7878!
I tried all the possible usernames and passwords from my and it doesn’t. This is a pain. I’ve been at it for 3 hours. I’ve installed WordPress but I can’t access the admin section.
I really don’t get it.
I would love to get assistance for this please.
*I tried all the possible usernames and passwords from my account and it doesn’t work.*
We added an additional login page a few months ago for security reasons. This page should show you the actual user name and password that you can use to log in to your Admin page. If you continue to experience problems logging in, you can contact us at 1-866-221-7878 and we can walk you through it.