Global WordPress Brute Force Attack

There is currently an on-going and highly-distributed global attack on WordPress installations across virtually every web hosting provider in the world. This has been going on for several days. Although we haven’t seen any examples of problems on our own network, it is occurring elsewhere. Symptoms of the problem include slow website loading, or failing to load altogether, as the attack causes very high server loads.

We recommend that all clients WordPress installation, that you change the password to something that meets the security requirements specified on the WordPress website.  These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including “special” characters (^%$#&@*).

Also we suggest that if your login username is ‘admin’ that you change it to something else. You can do this by creating a new user with full administrator access, then login under that new username, and then delete the admin user. Please be sure to do a full backup of your website and database before doing this, just incase.

Also please be sure that ALL your plugins are up to date, and you are running the latest version of WordPress, which is currently 3.5.1

Please note that this is a global issue affecting all web hosting providers hosting wordpress installations.  It is also a good reminder that we must all take account security very seriously, and keep our websites up to date with the latest software updates.

Tags: , , ,