[wp-hackers] Detecting the present botnet attacks

Nikola Nikolov nikolov.tmw at gmail.com
Thu Jul 11 11:31:29 UTC 2013

@Jeff - you're right about the error code, but that's what WordPress
defaults to. As @John said - you can change the response code to anything
you want. I just wrote that quickly and I generally am the only one
logging-in, so I don't expect the users to log-in.

If you have users that are supposed to log-in to the site and you don't
have any alternative set-up(you can always have a front-end login form
which has nothing to do with wp-login.php), you can leave them a visible
message, a sticky post or whatever saying how they can log in.

The attack is massive and is targeted at the very small percentage that is
not protected well(has easy to predict username and password), so I would
guarantee you that at least at the current stage no one will actually stop
and read your site to see if there's a work-around for logging-in to the

On Thu, Jul 11, 2013 at 11:26 AM, John Blackbourn
<johnbillion+wp at gmail.com>wrote:

> On 11 July 2013 07:14, Jeff Morris <wp-hackers at zipsbazaar.co.uk> wrote:
> > First, a real HTTP 500 code indicates a fatal internal server error that
> > could result from anything, such as a typo in your .htaccess. In your
> case
> > no such error has occurred, so the 500 code is at best untrue.
> FYI you can pass a different HTTP status code to wp_die() in the $args
> parameter. Example:
> wp_die( 'Sorry, this service is unavailable', get_bloginfo('name'),
> array( 'response' => 503 ) );
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list