Eli's WordPress Blog

My WordPress Plugins, and other stuff.

Tag Archives: security

Just what do you think you are doing, Dave?

Posted on May 3, 2013 by Eli Scheetz

In the last two weeks I have been working on perfecting a patch for the wp-login.php page that will prevent a swarm of brute-force attacks from guessing your password or bringing down your server. When I first released this patch it was a bit overzealous and caused a few people to be temporarily locked out of their own blogs as their login attempts were incorrectly identified as brute-force attacks.

This patch of mine has also caused a small wave of paranoia because it displays the unconventional (and possibly spooky) message “Just what do you think you are doing, Dave?” whenever a brute-force attack or too many failed logins are detected. This message is a quote from the movie 2001: A Space Odyssey. Even though I intended this message to bring out the humor of the situation, I also feel it is very relevant (unless your name is not Dave :-)

The linked response “Open the Pod bay doors, HAL!” is also a quote from the same movie, and it’s just there to link you back to the login page should you want to try to log in again.

I have also received many inquiries as to why the wp-login.php file is flagged as a WP Login Exploit on every install of WordPress, even brand new installs of the most current version. This is simply because WordPress has no built-in brute-force protection and its login page is exploitable. The recent widespread attacks on login pages around the world have clearly demonstrated that it is not only vulnerable to password cracking via brute force, but that it can also overload and bring down a whole server if the attacks are too numerous. That is why my patch also prevents the loading of the WordPress bootstrap if a brute-force attack is detected, so that your server’s resources are not tied up just telling hackers whether they guessed the right password or not.

I hope this helps answer your questions about this new threat and my approach to solving it. Feel free to leave a comment if I could do a better job explaining anything.
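A sketch of the idea described in the post above: throttle login POSTs before the WordPress bootstrap is loaded, with a window that expires so a legitimate user is not locked out indefinitely. This is an added example, not the plugin's or the author's code; the function name, the limits, the 429 response and the temp-file store keyed on the client address are all assumptions.

```php
<?php
// Added example, not the plugin's code. Names, limits and storage are assumptions.
const THROTTLE_MAX_ATTEMPTS = 5;    // login POSTs allowed per window (assumed value)
const THROTTLE_WINDOW_SECS  = 300;  // sliding window length in seconds (assumed value)

/**
 * Record one login POST from $ip at time $now and report whether it may proceed.
 * Attempts are counted rather than failures, because the outcome of a login is
 * not known before the application has loaded. Old timestamps fall out of the
 * window, so a lockout expires without manual action.
 */
function throttle_allows(string $ip, int $now, string $dir): bool
{
    $path = $dir . '/login_' . hash('sha256', $ip) . '.json';
    $fh = fopen($path, 'c+');            // create if missing, do not truncate
    if ($fh === false) {
        return true;                     // fail open: a storage fault must not lock out the owner
    }
    flock($fh, LOCK_EX);                 // serialise concurrent requests from one client
    $seen = json_decode(stream_get_contents($fh) ?: '[]', true);
    $seen = is_array($seen) ? $seen : [];
    // Keep only attempts inside the window, then add this one.
    $cutoff = $now - THROTTLE_WINDOW_SECS;
    $seen = array_values(array_filter($seen, fn($t) => is_int($t) && $t > $cutoff));
    $seen[] = $now;
    // Bound the file size no matter how many requests arrive.
    $seen = array_slice($seen, -(THROTTLE_MAX_ATTEMPTS + 1));
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($seen));
    flock($fh, LOCK_UN);
    fclose($fh);
    return count($seen) <= THROTTLE_MAX_ATTEMPTS;
}

// Runs only for HTTP POSTs; nothing heavy has been loaded at this point.
if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
    if (!throttle_allows($ip, time(), sys_get_temp_dir())) {
        http_response_code(429);
        header('Retry-After: ' . THROTTLE_WINDOW_SECS);
        exit('Too many login attempts. Try again later.');
    }
}
// The application bootstrap would be loaded only after this check passes.
```

Behind a reverse proxy or CDN, `REMOTE_ADDR` is the proxy's address, so every visitor would share one counter; in that setup the client address has to come from a header that only the trusted proxy can set.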

Posted in Anti-Malware | Tagged security, wp-login.php | 4 Replies

Now available in the WordPress Repository

Posted on March 26, 2012 by Eli Scheetz

I just released my new Anti-Malware plugin for WordPress. It is still in BETA but I think it will be very helpful in removing malicious scripts and patching security vulnerabilities.

An example scan that found some threats

Please leave feedback and donate whenever possible.

Posted in Anti-Malware | Tagged plugins, security, WordPress | 10 Replies
