Brute Force Attack on WordPress

On April 10th, our SEO servers, which mainly host WordPress sites, were subjected to a brute force attack. Our system administrators immediately started working on the affected servers, investigated the issue and became aware of a potential brute-force attack on the default WordPress admin login pages. A WordPress brute force attack is a method used to obtain the WordPress admin password by using automated software that tries a large number of password combinations until it finds the right one.

We have already taken proactive steps to reduce the impact of these attacks by creating custom security rules on our firewalls; however, since there are thousands of IPs being used in the attack, the process of blocking attacker IPs has a direct impact on the performance of all affected servers.
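As an added illustration (not part of the original notice), the following Python script tallies POST requests to wp-login.php per source IP over a few constructed Apache access-log lines, flags the IPs that cross a per-IP threshold, and shows how much of the traffic comes from addresses that stay under that threshold, which is why per-IP blocking alone struggles against an attack spread across thousands of sources. The threshold value and the sample lines are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample lines in Apache "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Apr/2013:08:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Apr/2013:08:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Apr/2013:08:01:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2013:08:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Apr/2013:08:01:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
192.0.2.45 - - [10/Apr/2013:08:01:07 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.46 - - [10/Apr/2013:08:01:08 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Source IP, timestamp, request line and status code from a combined-format line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def summarize_login_attempts(log_text, per_ip_threshold=3):
    """Return (attempts per IP, IPs at/over threshold, distinct IPs, suspected successes)."""
    attempts = Counter()
    successes = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("method") != "POST":
            continue
        if not m.group("path").split("?")[0].endswith("/wp-login.php"):
            continue
        ip = m.group("ip")
        attempts[ip] += 1
        # WordPress answers a failed login with 200 (the form is re-rendered) and a
        # successful one with a 302 redirect to wp-admin, so a 302 deserves a look.
        if m.group("status") == "302":
            successes.append((ip, m.group("ts")))
    noisy = {ip for ip, n in attempts.items() if n >= per_ip_threshold}
    return attempts, noisy, len(attempts), successes


def distributed_share(attempts, per_ip_threshold=3):
    """Share of attempts from IPs that stay under the threshold; a high value
    means a per-IP block list would leave most of the attack untouched."""
    total = sum(attempts.values())
    low = sum(n for n in attempts.values() if n < per_ip_threshold)
    return low / total if total else 0.0


if __name__ == "__main__":
    attempts, noisy, distinct, successes = summarize_login_attempts(SAMPLE_LOG)
    print(f"{sum(attempts.values())} login POSTs from {distinct} IPs; noisy: {sorted(noisy)}")
    print(f"share below per-IP threshold: {distributed_share(attempts):.0%}; 302s: {successes}")
```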

Your ongoing patience as our team finalizes the troubleshooting process is the best course of action, and is greatly appreciated.

Is there anything I can do?

Yes, we need your help to resolve this issue. We strongly recommend that you proceed with the following with immediate effect:

1. Change your WordPress Password

Make passwords at least eight characters in length and make sure to use a mixture of upper and lower-case letters along with numbers and punctuation (such as $, &, !, etc.) added in between the letters. Having a strong password in place helps to protect against future brute-force attack attempts, and has the added benefit of significantly reducing the chances of malware being installed on your website or on our system.

You can also get a good idea of how strong a password is from www.howsecureismypassword.net (use only dummy passwords to test; don't enter your real passwords).

2. As the attack is targeted at WordPress sites that use admin as the username, we highly recommend that you change your admin username. The following URL explains how to change your WordPress username:

http://www.digitalkonline.com/blog/change-your-wordpress-admin-username/

3. If you are unable to access your WordPress admin panel at this time to make the above changes, please remain patient, as we have disabled some WP admin URLs for 24 hours in order to prevent password scanning on them. If you would like to enable access from your own PC, please add the following code to your .htaccess file:

<Files ~ "^wp-login\.php$">
    # Deny everyone, then allow only your own IP address
    Order deny,allow
    Deny from all
    Allow from x.x.x.x
</Files>

(replace x.x.x.x with your own IP address, which you can find at www.whatismyip.com)

For more details on editing the .htaccess file and adding the code, please visit the following URL:

http://wordpress.noc38.com/how-to-edit-htaccess.htm

Your ongoing patience as we finalize the troubleshooting process is the best course of action, and is greatly appreciated.

Best Regards,

PLiKhost Web Hosting

————————-

Discussions about the Attack: 

WebHostingTalk:  http://www.webhostingtalk.com/showthread.php?t=1255387

HostGator: http://blog.hostgator.com/2013/04/11/global-wordpress-brute-force-flood/

Siliconrepublic:  http://www.siliconrepublic.com/strategy/item/32269-massive-brute-force-attack/

HostingDiscussion: http://www.hostingdiscussion.com/customer-service-support-issues/32748-wordpress-brute-force-attack.html

Sucuri.Net: http://blog.sucuri.net/2013/04/mass-wordpress-brute-force-attacks-myth-or-reality.html

HostDime: http://www.hostdime.com/blog/2013/04/brute-force-attack-affecting-global-wordpress-installations/