{"id":18004,"date":"2013-04-14T23:52:18","date_gmt":"2013-04-14T21:52:18","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=18004"},"modified":"2013-04-14T23:52:18","modified_gmt":"2013-04-14T21:52:18","slug":"wordpress-passwords-and-brute-force","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2013\/04\/14\/wordpress-passwords-and-brute-force\/","title":{"rendered":"WordPress passwords and brute force"},"content":{"rendered":"<!-- google_ad_section_start -->\n<p><a href=\"http:\/\/ma.tt\/2013\/04\/passwords-and-brute-force\/\">WordPress passwords and brute force<\/a><\/p>\n<p>From the man himself:<\/p>\n<blockquote><p>Here\u2019s what I would recommend: If you still use \u201cadmin\u201d as a username on your blog, change it, use a strong password, if you\u2019re on WP.com turn on two-factor authentication, and of course make sure you\u2019re up-to-date on the latest version of WordPress. Do this and you\u2019ll be ahead of 99% of sites out there and probably never have a problem. Most other advice isn\u2019t great \u2014 supposedly this botnet has over 90,000 IP addresses, so an IP limiting or login throttling plugin isn\u2019t going to be great (they could try from a different IP a second for 24 hours).<\/p><\/blockquote>\n<!-- google_ad_section_end -->\n","protected":false},"excerpt":{"rendered":"<!-- google_ad_section_start -->\n<p>WordPress passwords and brute force From the man himself: Here\u2019s what I would recommend: If you still use \u201cadmin\u201d as a username on your blog, change it, use a strong password, if you\u2019re on WP.com turn on two-factor authentication, and of course make sure you\u2019re up-to-date on the latest version of WordPress. Do this and &hellip; <a href=\"https:\/\/mamchenkov.net\/wordpress\/2013\/04\/14\/wordpress-passwords-and-brute-force\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">WordPress passwords and brute force<\/span><\/a><\/p>\n<!-- google_ad_section_end -->\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"link","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_links_to":"","_links_to_target":""},"categories":[1,62,60],"tags":[1633,200],"keyring_services":[],"class_list":["post-18004","post","type-post","status-publish","format-link","hentry","category-general","category-technology","category-wordpress","tag-passwords","tag-security","post_format-post-format-link"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":16995,"url":"https:\/\/mamchenkov.net\/wordpress\/2012\/12\/07\/the-passwords-are-officially-obsolete\/","url_meta":{"origin":18004,"position":0},"title":"The passwords are officially obsolete","author":"Leonid Mamchenkov","date":"December 7, 2012","format":false,"excerpt":"Slashdot is reporting the story: a cluster of five, 4U servers equipped with 25 AMD Radeon GPUs communicating at 10 Gbps and 20 Gbps over Infiniband switched fabric. Gosney's system elevates password cracking to the next level, and effectively renders even the strongest passwords protected with weaker encryption algorithms, like\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":22389,"url":"https:\/\/mamchenkov.net\/wordpress\/2014\/08\/15\/tek-security-groups-password-repository\/","url_meta":{"origin":18004,"position":1},"title":"Tek Security Group&#8217;s Password Repository","author":"Leonid Mamchenkov","date":"August 15, 2014","format":"link","excerpt":"Tek Security Group's Password Repository In this repository you will find helpful authentication brute forcing files. These files include known password defaults, usernames, common and specialized dictionaries, etc.","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":11412,"url":"https:\/\/mamchenkov.net\/wordpress\/2008\/11\/01\/passwords-are-like-women\/","url_meta":{"origin":18004,"position":2},"title":"Passwords are like women","author":"Leonid Mamchenkov","date":"November 1, 2008","format":false,"excerpt":"I don't know if this was posted by someone else somewhere else before (probably it was), but that's what I came up with yesterday, while explaining our password policy to one of the (male) colleagues. Passwords are like women: you should have as many of them as you can you\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":21491,"url":"https:\/\/mamchenkov.net\/wordpress\/2014\/04\/10\/lastpass-now-tells-you-which-heartbleed-affected-passwords-to-change\/","url_meta":{"origin":18004,"position":3},"title":"LastPass Now Tells You Which Heartbleed-Affected Passwords to Change","author":"Leonid Mamchenkov","date":"April 10, 2014","format":"link","excerpt":"LastPass Now Tells You Which Heartbleed-Affected Passwords to Change","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"lastpass","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2014\/04\/lastpass-500x281.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":27803,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/07\/26\/passwords-evolved-authentication-guidance-for-the-modern-era\/","url_meta":{"origin":18004,"position":4},"title":"Passwords Evolved: Authentication Guidance for the Modern Era","author":"Leonid Mamchenkov","date":"July 26, 2017","format":false,"excerpt":"\"Passwords Evolved: Authentication Guidance for the Modern Era\" is a good collection of guidelines and concerns for password management in the modern day. Here's the bigger picture of what all this guidance from governments and tech companies alike is recognising: security is increasingly about a composition of controls which when\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/07\/password-500x135.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":29111,"url":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/19\/beyond-passwords-2fa-u2f-and-google-advanced-protection\/","url_meta":{"origin":18004,"position":5},"title":"Beyond Passwords: 2FA, U2F and Google Advanced Protection","author":"Leonid Mamchenkov","date":"December 19, 2018","format":false,"excerpt":"\"Beyond Passwords: 2FA, U2F and Google Advanced Protection\" is a rather lengthy, but insightful article on the subject of 2-factor authentication, multi-factor authentication, and other related options.\u00a0 It nicely explains which option is which and how it works, as well as clears a lot of confusion between these terms. The\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/Inserting-the-first-key-1.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/Inserting-the-first-key-1.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/Inserting-the-first-key-1.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/Inserting-the-first-key-1.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/18004","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=18004"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/18004\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=18004"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=18004"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=18004"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=18004"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}