Global Brute Force Attack on WordPress Installations

Major web hosts are fighting a global brute force attack on websites running WordPress. The attack is well organized and distributed, with over 90,000 IP addresses involved.

Almost all major web hosts are reporting a global brute force attack on websites running WordPress. The attack is described as “well organized and very distributed,” with over 90,000 IP addresses involved, according to HostGator.

The attack is not limited to WordPress; Joomla installations have not been spared either. Overall, it seems WordPress-centric mainly because of the sheer number of websites that run on WordPress.

This botnet of over 90,000 IPs is trying to log in repeatedly using different usernames and passwords. The simplest way for it to break in would be a weak password.

What can you do for your website’s safety?

Make sure your website runs the latest version of WordPress, and keep all your plugins updated regularly. Finally, the importance of having a good password and changing your admin password regularly cannot be over-emphasized. Make sure the password is complex and a mix of letters, numbers and special characters.

You can also refer to the WordPress security guide in the WordPress.org Codex.
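To see whether your own site is receiving this kind of distributed login guessing, you can count failed logins per minute across all addresses rather than per address. The script below is an added example, not part of the original article; it assumes combined-format access logs and default WordPress behaviour on `wp-login.php`, and its thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumed input: Apache/nginx "combined" access log lines.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def failed_logins(lines):
    """Yield (minute, ip) for each failed WordPress login POST.

    WordPress answers a bad password with HTTP 200 (login form again) and
    a good one with a 302 redirect, so POST + 200 is counted as a failure.
    """
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield ts.replace(second=0), m["ip"]

def distributed_windows(lines, min_total=5, per_ip_limit=3):
    """Minutes with many failures overall but fewer than per_ip_limit per IP."""
    per_minute = defaultdict(Counter)
    for minute, ip in failed_logins(lines):
        per_minute[minute][ip] += 1
    flagged = []
    for minute, by_ip in sorted(per_minute.items()):
        total = sum(by_ip.values())
        if total >= min_total and max(by_ip.values()) < per_ip_limit:
            flagged.append((minute.strftime("%Y-%m-%d %H:%M"), total, len(by_ip)))
    return flagged

# Constructed sample: six addresses (documentation range), one guess each.
SAMPLE = [
    f'203.0.113.{i} - - [12/Apr/2013:10:15:{i:02d} +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"'
    for i in range(1, 7)
] + [
    '192.0.2.10 - - [12/Apr/2013:10:15:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
    '192.0.2.11 - - [12/Apr/2013:10:16:02 +0000] "GET /wp-login.php HTTP/1.1" 200 3400 "-" "-"',
    '192.0.2.12 - - [12/Apr/2013:10:16:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "-"',
]

if __name__ == "__main__":
    for minute, total, ips in distributed_windows(SAMPLE):
        print(f"{minute}: {total} failed logins from {ips} addresses")
```

A per-address rate limit alone would not flag the sample, because each address makes only one attempt; the total across addresses is what stands out.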

Related: Check how strong your password is with this Microsoft Tool

2 Comments

Gaurav Sharma -SEO expert April 16, 2013

Is a Bluehost hosting WordPress account also affected by this brute force attack?

Manidip Bandyopadhyay April 20, 2013

This is horrible. I have been using HostGator for more than a year but never heard of such an attack before. The site mentioned in the website field went down but I had no idea about it. Once a month 3-5 min of outage is very common. But I had no idea about this brute force attack until I reached here. Fingers crossed!