If you’ve been using WordPress with WebHostingPad you’ve become familiar with the authentication popup we’ve had to implement in order to stop the ongoing global brute force attacks on WordPress admin login pages. Several months ago, Google released an update for Chrome that essentially broke this autehntication popup by not displaying the information needed to get past the popup.
If you compare the windows above, you’ll see the Chrome window on the left does not include the crucial username and password information needed to complete the form and get past the authentication window. This, pretty clearly, is quite the annoyance.
We understand that this is an issue, and as such we tried to remove the authentication popup to see if perhaps the brute force attacks had subsided, but unfortunately they have not as we almost instantly were attacked by it again. As such, we’ve had to re-add the popup.
Unfortunately this is a global attack on all WordPress accounts and the authentication popup is the most effective way we’ve found to stop it from affecting your services. Short of forcing all customers to install a plugin (which we don’t want to do), this is the safest thing for your websites and for our servers.
As an example, if you visit https://sucuri.net/security-reports/brute-force/ you’ll see just how many attacks are happening daily through this one firewall alone. They are being hit by anywhere between 12 million and 50 million fake WordPress admin login attempts a day.
So, how do you get the authentication info if you’re using Chrome?
Step 1: Log in to your Account Manager by clicking here.
Step 2: In the navigation menu, click Support, then click on WordPress Auth Info from the dropdown menu.
Step 3: Find the authentication info for the server where you’re hosted. This is the information you’ll input for the username and password in the authentication popup window.
If you’re unsure which server you’re hosted on, you can find out by clicking on Services in the navigation menu and selecting My Services from the dropdown. From there, click on the hosting package. Under the Hosting Information box you’ll see a server name.
As always, if you have any questions or need help with any of the information above feel free to contact us any time.