Global Brute Force Floor Attack on WordPress Sites
As I write this article, there is an on going and highly distributed, global attack on WordPress installations across virtually every web host in existence! This attack is well organized and again very, very distributed. The attack can be called as “brute-force” attack as well. Due to the nature of the attack, memory consumption on targeted servers has increased. In certain cases, this has resulted in degradation of performance!
At this moment, we highly recommend you log into any WordPress installation you have and change the password to something that meets the security requirements specified on the WordPress website. These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including “special” characters (^%$#&@*).
The main force of this attack began last week, then slightly died off, before picking back up again yesterday morning. No one knows when it will end. TetraHost started a thread on a popular forum where web host owner’s is sharing their experience with the attack and solutions. Here is the thread.
We are taking several steps to mitigate this attack throughout our server farm, but in the same breath it is true that in cases like this there is only so much that can actually be done. Again, this is a global issue affecting all web hosts. Our hope is that this attack ends soon, but it is a reminder that we must all take account security very seriously.
To ensure that your customers’ websites are secure and safeguarded from this attack, we recommend the following blog article and apply the security protection ASAP:
Other ways of Hardening a WordPress installation are shared here at:
The TetraHost support team has been hard at work with fighting the situation! We’ve taken proactive steps to reduce the impact of this event. We thank you for your patience.
Having trouble? You can always file a ticket at email@example.com.