先週の水曜日ころかなー、自分が普段お世話になっているレンタルサーバー屋さん「xserver」さんからこんなご案内が。
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
To improve the security of « WordPress administration tool ».
Implementation of access restrictions from IP addresses outside Japan, and
About the addition of « Restricting IP access outside of WordPress » function
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
In WordPress, a popular blogging tool
Due to the large number of users, brute force attacks on management tools
(a method of attempting to log in by trying IDs and passwords at random).
Many of them have been reported.
In our service, especially this week, we’ve been receiving a lot of requests from customers who are running WordPress.
via an IP address outside Japan.
A large number of brute force attacks have been confirmed.
In response to this, we’ve taken steps to prevent your WordPress from being hijacked by unauthorized people.
In addition, in order to prevent excessive attack processing from increasing the server load and causing server failures, the
If you have a WordPress that is already running or will be installed in the future.
Web access from foreign IP addresses to the following administration tool URL is prohibited.
The Company has decided to limit the number of
Addresses that have been restricted
/wp-admin
/blog/wp-admin
/wp/wp-admin
/wp-login.php
/blog/wp-login.php
/wp/wp-login.php
In the server panel, the
We will add a new feature « Restricting IP access outside of WordPress » which will allow you to remove this restriction.
Hoho, so that’s what happened to you. It’s true that WordPress is popular all over the world.
A few days later TechCrunch also had this news.
You might want to do the two-step verification mentioned here as soon as possible.
If you’re managing it on your own server and not WordPress.com, this looks good.
How to set up 2-step verification for your WordPress blog with Google Authenticator plugin
Google AuthenticatorプラグインでWordPressブログを2段階認証に設定する方法WordPressのブログで2段階認証を実装する方法を解説する。設定方法は簡単で、Googleアカウントの2段階認証を有効にしたうえでスマートフォンのGoogle認証アプリとWordPressのGoogle Authenticatorプラグインを利用するだけ。不正ログインを防ぐためにぜひ実装したい。
By the way, I’m going overseas next month, so only when I update my blog then. You can easily switch from the server panel.
As for xserver, the price is 1,050 yen per month even for the cheapest plan, but because the server capacity, the number of DB, support, etc. are very substantial, I think there is enough value above this price. The speed of the response of the support desk is really wonderful.