In case anyone did not receive this, Lorelle at wordpress put this post up today. It is about fighting spammers, passwords that are resistant to attack, etc.
Sucuri, the web security specialists, published “Brute force attacks against WordPress sites,” an in depth look at not just the importance of a strong password but the brute force nature and anatomy of login and registration access attacks.
There is a technique known as brute-force attack. Like the name implies, access is gained to your environment through brute force. Often conducted by bots, these attacks will run through a compiled list of common passwords and their permutations (i.e., password, Pa$$w0rd, p@ssw0rd, etc..). Yes, the attackers know that you substitute ‘A’ for an ‘@’ and ‘S’ for a ‘$’. Using this method the attackers are gaining access to your wp-admin, this then allows them to serve spam via your posts, deface your home page like we recently saw with ServerPro, and inject any one of the other types of malware roaming the interwebs.
Because of the consistency and…
View original post 1,292 more words