So, there’s a WordPress botnet – what now?

According to Hacker News, attackers have taken control of thousands of poorly secured WordPress hosts to build a large botnet, and have now launched a massive DDoS attack on other WordPress sites.

The news of this WordPress botnet highlights the well-known security concerns many have with WordPress. As one of the most popular software frameworks for serving and supporting blog content on the Internet, WordPress is naturally a large target for attack. That, combined with the fact that many WordPress users may not be versed in basic security practices like patching (more than 70% of WordPress installations are vulnerable to attack, according to a recent study from WP White Security), makes everyone’s favorite CMS pretty sweet prey for attackers.

So, what does that mean for you if you are running a WordPress installation? Hacker News points out the importance of keeping WordPress up to date with patches and security updates. WordPress has its own hardening guide, and with a bit of research you can find dozens of guides, plugins, and tools built specifically for improving WordPress security.

Of course, if you’re a Halo Enterprise user, you can take advantage of our recently released Configuration Security Monitoring (CSM) and File Integrity Monitoring (FIM) policies for WordPress. With the Halo WordPress policies, Halo is able to ensure that application-specific configuration items are set to the latest and best industry security practices, and that WordPress executables and read-only files that shouldn’t be changed don’t get changed, guarding against malware, APTs, and other threats. The Halo CSM and FIM WordPress policies complement Halo’s rich policy template library that consists of Core and Extended operating system (OS) policies for Linux and Windows.

Also, with Halo dynamic Firewall and GhostPorts modules, WordPress administrators can easily lock down access to their WordPress server(s) by requiring multi-factor authentication for access. You would just need to set a firewall rule to require SSL to access the Admin login page, and then set up a GhostPorts rule for port 443 (don’t forget to set up GhostPorts for the Admin in question).

All in all, if you’re already using Halo for server hardening and file integrity monitoring, it’s easy to wrap the security of your WordPress instances into your overall security plan. By taking simple security precautions like patching/updating software, hardening configurations, and implementing a couple of simple firewall rules, you can prevent many of the issues that could land your WordPress implementation in the hands of hackers.
