Almost all major web hosts are reporting a global brute force attack on WordPress installed websites. The attack is define as “well organized and very distributed with over 90,000 IP address involved in the attack according to HostGator.
The attack is not simply limited to WordPress but even Joomla installations have not been spared. Over all its seems WordPress centric mainly because of the sheer number of websites hosted by using WordPress.
This botnet with over 90,000 IPs is trying to loging multiple times with using different usernames and passwords. The simplest way to break-in would be a weak password.
What can you do for your website’s safety?
Make sure you have the latest updated WordPress version for your website. Also make sure all your plugins are updated regularly. Finally the importance of having a good password and changing your admin password regularly cannot be over-emphasized. Make sure the password is complex and a mix of alphabets, numbers and special characters.
You can also refer to WordPress security guide on WordPress.org Codex.