Industry-wide WordPress Brute Force Attack

What a day…

After we came across some unusual activity on many of our servers, we pushed out an article to help our WordPress users protect their WP-Admin areas from attackers. As the day went on we started to see more of the unusual activity, but this time with tens of thousands of IP addresses. This is a very well organized, highly-distributed global attack on WordPress installations across pretty much every web hosting provider in the industry.

We strongly suggest that you change your password on your WordPress installation. Something that is very hard to guess. lower case, UPPER CASE, 1234′s and $*@#&$’s.

We first noticed traces of this attack last week, it came and went. Last night is when we started to see the brunt of the brute force attack on the WP-Admin area. This caused websites to be slow and in some cases go up and down throughout the day today.

We’ve taken several steps to mitigate this attack but there is only so much that we can do and protect ourselves from attacks such as these. Servers with more WordPress installations are ones seeing the most service interruption.

This is an issue that has/is affecting not only GreenGeeks, but many other well known web hosting companies. It’s an on-going industry-wide attack. CloudFlare, with whom we work really close with has mentioned on its blog that it has pushed out a patch to protect WordPress users from this attack if they have their websites enabled with CloudFlare. Not using CloudFlare? Here are 4 reasons as to why you should. Also, if you haven’t protected your WP-Admin area, you should do that too.

*** UPDATE ***

Please ensure that you’re practicing the suggestions mentioned in our blog post: protecting against WordPress login attacks