Worldwide Brute Force Attack Occurring On WordPress Sites

Earlier this week we noticed a large uptick in Brute Force attempts on our hosted WordPress sites. Upon further review and discussions with our datacenter’s NOC team, we found that we are not alone in this: virtually every hosting provider has been affected this week by these attacks. In its simplest form, a Brute Force attack is someone repeatedly trying to guess your password at the login form. The automated process submits passwords at a rate of hundreds a second until one matches a valid account, or until the source IP address is blocked. All of our WordPress sites include security plugins that block the source address after 5 failed logins. If you manage your own WordPress site with us, or with another hosting provider, you will want to implement some security plugins. The three that we have seen the best results with are:

  • Bad-Behavior
  • Secure WordPress
  • Login Lockdown
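The lockout rule described above can also be checked against the web server's own access log. The script below is an added example (not code from the original post or from any of the plugins listed) that counts failed login attempts per source IP and reports the addresses that reached the same 5-failure threshold. It assumes an Apache "combined" access log and relies on a known WordPress behaviour: a successful POST to wp-login.php is answered with a 302 redirect to wp-admin, while a failed attempt re-renders the form with status 200. The log lines are constructed for the example, not real traffic.

```shell
#!/bin/sh
# Added example: find source IPs with >= THRESHOLD failed WordPress logins
# in an Apache combined-format access log. Not from the original post.
# Heuristic (WordPress behaviour): POST /wp-login.php -> 302 = success,
# POST /wp-login.php -> 200 = the login form was re-rendered, i.e. failure.

THRESHOLD=5

# Constructed sample log lines for the example (documentation-range IPs).
# 203.0.113.7 fails five times, 192.0.2.9 fails three times (below the
# threshold), 198.51.100.4 logs in successfully on the first try.
sample_log() {
  cat <<'EOF'
203.0.113.7 - - [11/Apr/2013:10:01:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3721 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Apr/2013:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3721 "-" "Mozilla/5.0"
192.0.2.9 - - [11/Apr/2013:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3721 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Apr/2013:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3721 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Apr/2013:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3721 "-" "Mozilla/5.0"
192.0.2.9 - - [11/Apr/2013:10:01:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3721 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Apr/2013:10:01:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3721 "-" "Mozilla/5.0"
192.0.2.9 - - [11/Apr/2013:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3721 "-" "Mozilla/5.0"
198.51.100.4 - - [11/Apr/2013:10:02:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [11/Apr/2013:10:02:11 +0000] "GET /wp-admin/ HTTP/1.1" 200 12000 "-" "Mozilla/5.0"
EOF
}

# failed_logins: read an access log on stdin and print "<failures> <ip>" for
# every IP whose failed login count reached THRESHOLD, highest count first.
# Combined-format fields: $1 client IP, $6 "METHOD, $7 path, $9 status code.
failed_logins() {
  awk -v limit="$THRESHOLD" '
    $6 == "\"POST" && $7 == "/wp-login.php" && $9 == 200 { fails[$1]++ }
    END { for (ip in fails) if (fails[ip] >= limit) print fails[ip], ip }
  ' | sort -rn
}

# deny_rules: turn the failed_logins output into Apache 2.2-style
# "Deny from" lines that can be appended to an .htaccess file.
deny_rules() {
  awk '{ print "Deny from " $2 }'
}

# Usage on the constructed sample: prints "5 203.0.113.7", then the deny rule.
sample_log | failed_logins
sample_log | failed_logins | deny_rules
```

Run it against a real log with `failed_logins < /var/log/apache2/access.log`. The status-code heuristic is the part worth keeping in mind: a 200 on a POST to wp-login.php is the signal of a rejected credential, so counting those per IP is the same check the lockdown plugins perform from inside WordPress, without involving PHP at all.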

Additionally, on all of our WordPress hosted sites, we have implemented a mod_security rule that prompts for an additional layer of authentication. This appears as a popup box before you see your normal WordPress login. It places a low-resource authentication check in front of WordPress’s resource-heavy login page, so unauthenticated guesses are rejected before WordPress ever runs, which decreases the load on our servers. Our datacenter is working diligently to mitigate these attacks; however, as of our last discussion the traffic was coming from well over 90,000 IP addresses from all over the world.
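The "popup box" layer described above is HTTP Basic authentication challenged by the web server itself. The script below is an added example, not the provider's actual mod_security rule, and it assumes the equivalent configuration done with Apache's mod_auth_basic in a `.htaccess` file: every request for wp-login.php must carry valid Basic credentials before Apache hands it to PHP. The directory and htpasswd path are parameters; the `.htpasswd` file itself is created with the standard `htpasswd` tool, shown here guarded so the script still runs where that tool is absent.

```shell
#!/bin/sh
# Added example (not the original post's mod_security rule): put an HTTP
# Basic auth gate in front of wp-login.php using Apache mod_auth_basic.
# Apache answers unauthenticated requests with 401 itself, so a guessed
# WordPress password never reaches PHP unless the gate was passed first.

# write_login_gate DOCROOT HTPASSWD_PATH
# Writes DOCROOT/.htaccess protecting only wp-login.php (the rest of the
# site stays public). HTPASSWD_PATH must be an absolute path that Apache
# can read but that is not served to visitors (keep it outside DOCROOT).
write_login_gate() {
  docroot=$1
  htpasswd_path=$2
  cat > "$docroot/.htaccess" <<EOF
# Extra login layer in front of WordPress (added example)
<Files wp-login.php>
    AuthType Basic
    AuthName "Restricted login"
    AuthUserFile $htpasswd_path
    Require valid-user
</Files>
EOF
}

# create_gate_user HTPASSWD_PATH USERNAME
# Creates/updates the htpasswd file with a bcrypt-hashed password, prompting
# for it interactively. Uses the htpasswd tool from apache2-utils/httpd-tools;
# -B selects bcrypt, -c creates the file only when it does not exist yet.
create_gate_user() {
  htpasswd_path=$1
  user=$2
  if ! command -v htpasswd >/dev/null 2>&1; then
    echo "htpasswd not installed; install apache2-utils (Debian) or httpd-tools (RHEL)" >&2
    return 1
  fi
  if [ -f "$htpasswd_path" ]; then
    htpasswd -B "$htpasswd_path" "$user"
  else
    htpasswd -B -c "$htpasswd_path" "$user"
  fi
}

# gate_is_active DOCROOT: succeeds when the .htaccess gate is in place.
gate_is_active() {
  grep -q '<Files wp-login.php>' "$1/.htaccess" 2>/dev/null &&
  grep -q 'Require valid-user' "$1/.htaccess" 2>/dev/null
}

# Usage (uncomment with your real paths; the gate only works if the
# vhost has "AllowOverride AuthConfig" or higher for the document root):
# write_login_gate /var/www/example.com /etc/apache2/wp-login.htpasswd
# create_gate_user /etc/apache2/wp-login.htpasswd wpgate
```

The check a practitioner wants before relying on this: request wp-login.php without credentials and confirm the response is a 401 from Apache rather than the WordPress form. If the form still renders, `AllowOverride` is not letting the `.htaccess` take effect and the gate is doing nothing.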

What can you do?

  1. Reach out to us to receive the additional login and password for your WordPress site
  2. Change your WordPress password to something secure.  A secure password is at least 8-10 characters in length and contains at least 1 number, 1 uppercase character, 1 lowercase character and 1 symbol.  For example, P1zzA76H0nd@ would be a good password.
  3. Update WordPress.  People, running WordPress 3.0 is like screaming to the world that you have over 5 versions’ worth of known vulnerabilities.  WordPress by default publishes your version info unless you instruct it not to.  Your site should be on version 3.5.1 (with 3.6 coming out soon).
  4. Implement the 3 security plugins above.

If you have any questions, please contact us and we’re happy to help or discuss any concerns.