WordPress Under Attack
For the last few days we (any most other web hosts) have been seeing a coordinated brute force attack on WordPress installs. A brute force attack is a method used by hackers trying many different password and credential combinations in rapid succession in an attempt to obtain your login information.
Initially the attacks were coming from single IP addresses that could be blocked. The initial attacks caused high load, but were successfully fended off. The attack has evolved into a distributed brute force attempt, where random IP addresses are being used. Since the attack is now random we cannot simply block an IP address that is repeatedly trying to login. To keep your site safe, we have temporarily disabled WordPress login capabilities for the affected web sites. If you end up with a “Access denied” message when trying to log into your WordPress site, then your site is affected. We are working on alternate methods to mitigate the attack.
If you need immediate access to your WordPress install, send us an email with your current IP address and the URL of your WordPress site and we can open a spot for you.
Update 4/12/13 2:00PM EST:
The attack has lessened in intensity but is still continuing. For now we are keeping many WordPress installs locked down to protect your sites and passwords as it is the best way to keep things safe. As before, if you need immediate access to your WordPress install, send us an email with your current IP address and the URL of your WordPress site and we can open a spot for you. We will continue to update this post as the situation develops.
Update 4/12/13 2:30PM EST:
The 1st news articles are beginning to break regarding this attack.
Update 4/12/13 7:30PM EST:
WordPress logins have been re-enabled. We are monitoring and will post an update here if the situation changes. In the meantime, everyone using a WordPress install should perform these 2 steps:
- Make sure you are using a strong password. You can generate strong passwords here for free.
- Hide your wp-admin by following the guide here. Note you should pick something unique for your login URL.
Posted in: Server OutagesLeave a Comment (0) →