Do you have a WordPress account with us? If so, we wanted to let you know about an attack on WordPress sites that started earlier this week, what we’ve done to combat it, and what you can do to protect yourself.
On Tuesday, a widespread “brute force” attack against WordPress started impacting sites across the internet. This attack is leveraging a botnet, which looks to have more than one hundred thousand different computers at its disposal. Its intent is very simple: to find and compromise WordPress sites with simple passwords, likely to use them later to distribute malware (and further increase the size of the botnet).
Today, this attack is happening at a global level and wordpress instances across hosting providers are being targeted. Since the attack is highly distributed in nature (most of the IP’s used are spoofed), it is making it difficult for us to block all malicious data.
To ensure that our customers’ websites are secure and safeguarded from this attack, we recommend the following steps:
Update and upgrade your wordpress installation and all installed plugins
Install the security plugin
Ensure that your admin password is secure and preferably randomly generated
Other ways of Hardening a WordPress installation are shared at http://codex.wordpress.org/Hardening_WordPress
Also, we recommend using Cloudflare, which is available free with all our cPanel accounts, to prevent the attack from affecting the functionality of your site.