Category: Important News
In recent weeks, it has come to light that there is an ongoing, highly distributed effort to attack
WordPress websites with poorly secured administrator passwords.
This attack is highly organised, using over 90,000 IP addresses in an attempt to guess the
administrator password for WordPress sites.
We are aware of these efforts and are deploying a series of counter-measures to protect our
customers against this effort.
We do, however, encourage our customers to take steps to ensure their WordPress sites aren’t
compromised due to weak or insecure passwords.
The following are several ways customers can further protect their WordPress sites:
WordPress BulletProof Security Plugin
The WordPress BulletProof Security Plugin is a free, multi-purpose security tool for WordPress
intended to protect your WordPress site against a variety of security attacks.
This tool is installed like any other WordPress plugin and provides a number of tools customers can use to improve the security of their site.
If you are interested, you can find more details about the plugin at http://wordpress.org/extend/plugins/bulletproof-security/
WordPress Better WP Security Plugin
Another plugin for WordPress, “Better WordPress Security”, bundles a number of widely used security features and measures into a single plugin that is easy to manage and offers many methods of protection.
If you are interested, you can find more details about the plugin at http://wordpress.org/extend/plugins/better-wp-security/
Deny Access to your wp-login.php Page based on Country Code
Another method that can help is a rewrite that denies access to your website’s back-end unless the user is identified as being in Australia or New Zealand.
For anyone who runs a blog that is logged into mainly by Australian and New Zealand users, this method is a good start for security, as the attacks generally originate from foreign networks.
To deny access to IP addresses other than those from Australia and New Zealand, add the following block of code to the /home/username/.htaccess file:
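# Apply the restriction to the login page only; without this wrapper the rules cover the whole site.
<Files wp-login.php>
SetEnvIf GEOIP_COUNTRY_CODE AU AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE NZ AllowCountry
Deny from all
Allow from env=AllowCountry
</Files>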
Note: replace “username” above with your cPanel username.
Password Protect Your wp-login.php Page
Another method, similar to the above, is to assign a password to your login page instead of blocking access based on country.
There are two steps in accomplishing this. First you need to define a password in the .wpadmin file, and then you activate the security in the .htaccess file.
Step 1: Create the Password File
Create a file named .wpadmin and place it in your home directory, where visitors can’t access it.
(Please note there is a period preceding the wpadmin in that file name.) The following example is for cPanel. Plesk would require placing the file in /var/www/vhosts or /var/www/vhosts/domain.
(where “username” is the cPanel username for the account.)
Put the username and encrypted password inside the .wpadmin file, using the
(where “john” is a username of your choice, and the password shown is encrypted.)
Generate Password File & Uploading Via File Manager or FTP
One way to do this is to generate the file using the website linked below, and then upload it to your
site via FTP or File Manager. In the directions below, we will use File Manager, but you could use FTP
instead, for those of you familiar with FTP.
1. Visit: http://www.htaccesstools.com/htpasswd-generator/
2. Use the form to create the username and password.
3. Log in to cPanel in another window or tab.
4. Click on File Manager.
5. Select Home Directory.
6. Check Show Hidden Files (dotfiles) if not already checked.
7. Click on the Go button.
8. Look for a .wpadmin file.
   o If one exists, right click on it and select Code Edit to open the editor. Click on the Edit button to edit the file.
   o If one does not exist, click on New File at the top of the page, and specify the name as .wpadmin (with the dot at the front) and click on the Create New
9. Paste the code provided from the website in step 2.
10. Click on the Save Changes button when complete.
11. You can Close the file when finished.
Step 2: Update the .htaccess File
All domains under the home directory will share the common .wpadmin file. (The command listed in
Option B above creates the /home/username/.wpadmin file due to the -c.)
The last step is to place the following code in the /home/username/.htaccess file:
ErrorDocument 401 "Unauthorized Access"
ErrorDocument 403 "Forbidden"
AuthName "Authorised Users Only"
Note: in the above examples, you would of course replace “username” above with your
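A complete version of the Step 2 block, as an added example rather than Servers Australia's own configuration. It assumes Apache 2.2-style access directives (the same syntax as the country-code block earlier on this page; Apache 2.4 needs mod_access_compat for them), the /home/username/.wpadmin password file from Step 1, and scoping to wp-login.php with a Files section.

```apache
# Added example for /home/username/.htaccess ("username" is the cPanel account name).

# Short plain-text bodies for failed (401) and refused (403) requests.
ErrorDocument 401 "Unauthorized Access"
ErrorDocument 403 "Forbidden"

# Scope everything to the WordPress login script only,
# so the public site stays reachable without credentials.
<Files wp-login.php>
    # Password prompt backed by the file created in Step 1.
    AuthType Basic
    AuthName "Authorised Users Only"
    AuthUserFile /home/username/.wpadmin
    Require valid-user

    # Optional: keep the country restriction from the previous section as well.
    SetEnvIf GEOIP_COUNTRY_CODE AU AllowCountry
    SetEnvIf GEOIP_COUNTRY_CODE NZ AllowCountry
    Order Deny,Allow
    Deny from all
    Allow from env=AllowCountry

    # "Satisfy All" (the default) means a visitor must pass BOTH the country
    # check and the password prompt. "Satisfy Any" would let either one
    # through on its own, which weakens the setup.
    Satisfy All
</Files>
```

Basic authentication sends the password with every request in an easily decoded form, so serve wp-login.php over HTTPS where possible.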
If you can benefit from free web hosting, a free server, savings on data storage or would like to get your hands on a free iPad 2, Servers Australia could be your best friend this Christmas!
Servers Australia are rewarding our Facebook friends by giving away free web hosting to friends with an ABN. Our free web hosting includes 500MB Disk Space, 5 GB Data Transfer, cPanel Control Panel and more. Visit Servers Australia Facebook page to sign up for your free web hosting today.
It’s no secret that successful businesses and enterprises perform best with fast, secure and reliable servers. Add to your current server network or get your very first server for free and enter the draw to win a dedicated server here.
If you’re looking to expand your business and need more data space, we’re cutting your costs. Servers Australia are dismissing the setup fee for all new Equinix SYD3 Colocation customers until 20/12/12. You’ve one more week to jump on this special offer, saving you up to $199. See our website for more information.
We are giving away iPad 2 tablets! Servers Australia are giving away, one-for-one, iPad 2s with every E3-1245 starter series server or higher on a 24 month contract. That means if you buy 10 servers you get 10 iPad 2s! See our servers series here.
Unlike Santa, we’re giving away these deals whether you’ve been naughty or nice - but we hope it’s the latter!
We are offering double bandwidth and double RAM to new customer purchases of the ‘Starter Series’ of our Dedicated Servers range. With speed and reliability, our ‘Starter Series’ servers are a top choice for entry-level mail server, application server, database or web servers. See Servers Australia website for complete details on our ‘Starter Series’.
Also, as part of our Equinix SYD3 Launch Promotion, we are giving away 50GB free data per 1RU, saving up to $55.00 per RU. Backed by state-of-the-art security, network connectivity and redundant power, Equinix is the ideal location for your colocated equipment. See Servers Australia website for details on our ‘Equinix Colocation’. (Available to new colocation customers only.)
These special offers expire on the 10th November, so be quick to take advantage of these deals. Call us on 1300 788 862 or email email@example.com.
Now that the worst of the flooding is over, now is not the time to stop donating or supporting our fellow Australians.
They are going to need our support more than ever now. With their homes destroyed and nowhere to live, it’s our responsibility to support them. So until further notice we will be donating all of our setup fees from our dedicated servers (http://www.serversaustralia.com.au/dedicatedservers.php) and our Colocation at Tuggerah (http://www.serversaustralia.com.au/colocation.php) to the Flood Relief Appeal (http://www.qld.gov.au/floods/donate.html).
We are even putting the challenge out to our competitors to follow us and support our fellow Australians. So to all of our competitors we urge you to take us up on this challenge and donate all setup fees from dedicated servers, VDS/VPS and colocation to the flood relief fund.
To see the REAL extent of these floods, news.com.au has before and after interactive photos. The extent of the floods is amazing. Here is the link: http://www.news.com.au/breaking-news/floodrelief/queensland-floods-interactive-before-and-after-photos/story-fn7ik2te-1225987255127
Here is an example of the pictures you will see at the link above (Note this isn’t our picture and we didn’t take it. It’s from the link above and I think it’s owned by news.com.au)
There are more pictures of the floods here: http://www.dailytelegraph.com.au/news/gallery/gallery-e6frewxi-1225987002501?page=1
And again, please donate to the flood appeal. To our competitors, follow us in donating our setup fees to the floods.