Global Wordpress Bruteforce Attack

Tweet

Details on what a Bruteforce attack is-

As we put up this announcement, there is an on-going and highly-distributed, global attack on WordPress installations across virtually every web host in existence. This attack is well organized and again very, very distributed; we have seen over 90,000 IP addresses involved in this attack.

At this moment, we highly recommend you log into any WordPress installation you have and change the password to something that meets the security requirements specified on the WordPress website. These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including “special” characters (^%$#&@*).

The main force of this attack began last week, then slightly died off, before picking back up again yesterday morning. No one knows when it will end. The symptoms of this attack are a very slow backend on your WordPress site, or an inability to log in. In some instances your site could even intermittently go down for short periods.

To ensure that your customers’ websites are secure and safeguarded from this attack, we recommend the following steps:

Update and upgrade your wordpress installation and all installed plugins

• Install the security plugin listed here
• Ensure that your admin password is secure and preferably randomly generated
• Other ways of Hardening a WordPress installation are shared at http://codex.wordpress.org/Hardening_WordPress

These additional steps can be taken to further secure wordpress websites:

• Disable DROP command for the DB_USER .This is never commonly needed for any purpose in a wordpress setup
• Remove README and license files (important) since this exposes version information
• Move wp-config.php to one directory level up, and change its permission to 400
• Prevent world reading of the htaccess file
• Restrict access to wp-admin only to specific IPs
• A few more plugins – wp-security-scan, wordpress-firewall, ms-user-management, wp-maintenance-mode, ultimate-security-scanner, wordfence, http://wordpress.org/extend/plugins/better-wp-security/. These may help in several occasions



Also, we recommend using Cloudflare, which is available free with all our cPanel accounts, to prevent the attack from affecting the functionality of your site.

We might disable access to the WP-Login.php file temporarily for sometime if we notice things going out of control.

It appears all web hosts worldwide are feeling the effects of this. A few links are below just from Google/Twitter

http://www.hostdime.com/blog/2013/04/brute-force-attack-affecting-global-wordpress-installations/
http://forums.site5.com/showthread.php?p=191613
http://blog.hostgator.com/2013/04/11/global-wordpress-brute-force-flood/


We are working to secure our servers as much as possible with various tools and scripts and will continue to do so. Our normal non urgent support today may be a little slower as a result of this and we thank you for your patience.

We will endeavour to post more information as we know it. At this time all our servers are up and running normally and there are no server issues.

--

Kushal R.

Host4Geeks Support