The globally distributed attack against WordPress websites that started a few days ago continues to increase in intensity. At present, we at SuperHosting.BG are seeing a large number of requests sent directly to the WordPress login form (wp-login.php). This results in increased load on our entire equipment. Our system administrators are working to neutralize the problem and are doing whatever it takes to find the most effective solution. In the following lines you can read more about the attack and how to protect your websites.
What is happening? What is this attack about?
At present, there is a global large-scale Brute Force attack against WordPress websites. A Brute Force attack is an attempt to guess usernames and passwords correctly. These may be login details for a hosting or email account, website administration, etc.
The attack is organized and distributed (it comes from many different IP addresses) and targets all WordPress installations, irrespective of the hosting solution used. This means that all sites using WordPress globally (almost 64 million) are potential “victims” of the attack.
At present, more than 100,000 IP addresses are being used. The attack started last week and then stopped. For several days, however, it has been active again, and unfortunately there is no information on when it will stop.
The attack aims to guess login details for the WordPress administration panel. The WordPress login form is accessible at:
http://domain.tld/wp-login.php
In practice, a POST request is sent to the address above, submitting random usernames (most often admin) and passwords.
How can I protect my website?
Our security campaign covers the steps that must be taken to improve your website security, the measures that must be taken after malicious access is found, and the prevention of unauthorized access. In the first post of our security campaign we spoke about the 10 most important steps to improve your website security.
The technical support team at SuperHosting.BG recommends protecting your websites from the current attack as follows:
1. Check your WordPress login details. If you use a password that is easy to guess, you must change it. It is advisable that your password is long (more than 8 characters) and contains uppercase and lowercase letters, numbers, and special characters (^%$#&@*). Example of a strong password:
*Sup3rHos71n9@
2. If you use the “admin” username, we strongly recommend that you change it.
3. Protect the WordPress administration panel with an additional username and password.
Please note that admin panel protection is appropriate only if the new user registration option is disabled. Otherwise, new users will not be able to access their accounts.
4. WordPress Plugins for additional protection
There are also a lot of plugins for additional protection, e.g. changing the admin URL address, or limiting the number of unsuccessful login attempts after which access to the website administration panel is blocked, etc.
Among the most popular are:
Some of these plugins also include options for the above recommendations.
When using such plugins you should keep in mind that they may conflict with a specific plugin or theme on your website. Therefore, before installing and enabling a plugin, it is strongly advisable to back up your website!
5. CloudFlare may be activated. CloudFlare is a CDN (Content Delivery Network): the static website content (images, CSS, JavaScript) is cached.
CloudFlare has options for improving website security and protection. They have also integrated protection against Brute Force attacks on WordPress.
You may activate CloudFlare under the “CloudFlare” menu in cPanel.
What are we doing?
Due to the massive attack, server load is increased. Our colleagues from the System Administration department are working on neutralizing the attack and restoring the correct operation of all websites. We will keep you posted.