Global WordPress Brute Force Attack
Posted by admin on Apr 12, 2013
There is an on-going and highly-distributed, global attack on WordPress installations across virtually every web host in existence. This attack is well organized and again very, very distributed; we have seen over 90,000 IP addresses involved in this attack.
At this moment, we highly recommend you log into any WordPress installation you have and change the password to something that meets the security requirements. These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including “special” characters (^%$#&@*).
You have now changed your WordPress password, correct? Good.
The main force of this attack began last week, then slightly died off, before picking back up again yesterday morning. No one knows when it will end. The symptoms of this attack are a very slow backend on your WordPress site, or an inability to log in. In some instances your site could even intermittently go down for short periods.
We are taking several steps to mitigate this attack throughout our server farm, but in the same breath it is true that in cases like this there is only so much that can actually be done. If you are hosted with us and you would like for us to take a more severe, heavy-handed approach to mitigate this attack, we can do this via means such as password-protecting (via .htaccess) all wp-login.php files on the server. If you would like our assistance with this, please contact us.
Again, this is a global issue affecting all web hosts. Any further information we could provide at this moment would be purely speculation. Our hope is that this attack ends soon, but it is a reminder that we must all take account security very seriously.
We will update this blog post when we have further information.