Global Brute Force attack against WordPress websites
The globally distributed attack against WordPress websites, that started a few days ago, continues to increase in intensity. At present, we at SuperHosting.BG recognize a large number of requests directly to the WordPress login form (wp-login.php). This results in increased load on our entire equipment. Our system administrators work to neutralize the problem. They are doing whatever it takes to find the most effective solution, as well. In the following lines you can read more on the attack and how to protect your websites.
At present, there is a global large-scale Brute Force attack against WordPress websites. The Brute Force attack represents an attempt to guess correctly usernames and passwords. These may be login data to a hosting or email account, website administration, etc.
The attack has been organized, distributed (from a lot and various IP addresses) and addresses all WordPress systems, irrespective of the hosting solution used. This means that all sites using WordPress globally (almost 64 million) are potential “victims” of the attack.
At present, there are more than 100,000 IP addresses that are being used. The attack started last week, after which it stopped. For several days, however, it has been active again and unfortunately there is no information on when it will stop.
The attack aims at guessing login data for the WordPress administration panel. WordPress websites are accessible on:
Actually, a POST request to the address specified is sent, as random usernames (admin most often) and passwords are being submitted.
Our security campaign reveals the steps, that must be taken for improving your website security, the measures, that must be taken after a malicious access is found and prevention of unauthorized access. In the first post of our security campaign we spoke about the 10 most important steps to improve your website security.
The technical support team at SuperHosting.BG recommends to protect your websites from the current attack as follows:
1. Check your WordPress login details. If you use a password that is easy to guess, you must change it. It is advisable that your password is long (more than 8 symbols) and it should contain uppercase and lowercase letters, numbers, and special characters (^%$#&@*). Example for a strong password:
2. If you use the ”admin” username we strongly recommend you to change it.
3. Protect the WordPress administrative panel with additional username and password.
4. WordPress Plugins for additional protection
There are also a lot of plugins for additional protection, e.g. admin URL address change, add-on for a number of unsuccessful access attempts, after which the access to the website administration panel, etc. is blocked.
Among the most popular are:
Some of these plugins also include options for the above recommendations.
You may activate CloudFlare under the “‘CloudFlare” menu in cPanel.
Due to the massive attack server load is increased. The colleagues from System administration department work on neutralizing the attack and recovering the correct operation of all websites. We will keep you posted.