This article is to let you know about an ongoing attack on WordPress sites. We wanted to explain what this means, what is being done to keep sites safe, and what you can do to help protect your site. Unknown hackers are said to have launched a large-scale attack against WordPress blogs on an unknown number of servers.
Almost all of the large hosting services, such as Go Daddy, Hostgator, 1 and 1, CloudFlare, Host Excellence and many more, have been attacked. These attacks are what is called brute-force attacks, where a bot tries to break into the WordPress login page by guessing your username and password. The bots being used are, for now, relatively small. CloudFlare said on Friday last that, “One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack.”
Security firms are seeing an escalating number of “brute force” attacks against WordPress installations, which have been trying out logins such as “admin” and then running through thousands of commonly-used passwords to try to break in. One of the problems here is that WordPress does not yet allow a user to change their username, although it does allow users to change their passwords.
Security firm Incapsula announced that infected sites are seeded with a backdoor that gives the attackers remote control of the WordPress site. “The infected sites then are conscripted into the attacking server botnet, and forced to launch password-guessing attacks against other sites running WordPress,” Incapsula reported.
HostGator warned of this attack in a blog post: “As I type these words, there is an on-going and highly-distributed, global attack on WordPress installations across virtually every web host in existence.” “This attack is well organized and again very, very distributed; we have seen over 90,000 IP addresses involved in this attack,” it added. HostGator is a prime supplier to the internet marketing community, which uses WordPress sites more than any other style.
Symptoms of an attack are slow back-end performance or an inability to log in. In some cases sites may be inaccessible for a short time.
Security experts are advising anyone with a WordPress installation to update their password immediately to one that meets the requirements on the WordPress website. In other words, use a longer and more complicated password. You can do this by adding capital letters, numbers and symbols like ?, +, #, % etc.
I know a programmer and security consultant in my home town who advises nothing shorter than 14 characters, and he uses over 20 in his installations. He further stated that doing this will keep a site safe for many years to come.
In addition, the web hosting companies have introduced hurried new security measures of their own. Host Excellence, one of my web hosting companies, announced in an email that they had begun blocking all attempted connections to the wp-login.php file. This block stopped the malicious connections from breaking in, but unfortunately it also stopped legitimate users from logging in. “This was a temporary, but necessary solution as we continued to work on a remedy for this situation,” the email said. They further stated that they have now rolled out a new fix which blocks the malicious connections but allows users to access their wp-login file. This means that if you have a WordPress site, you should now be able to log in and make changes. Personally, I saw no disruption during the attacks on their servers. However, I did change and beef up my passwords to at least 14 characters.
If you are the proud owner of a WordPress site, you can find instructions on how to change your password here: http://codex.wordpress.org/Resetting_Your_Password.
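As an added illustration of what that kind of blocking is reacting to (example code written for this article, not anything from the hosts or from WordPress), the script below runs over constructed web server access log lines and flags both a single IP hammering wp-login.php and the spread-out pattern where many IPs each submit only a couple of guesses. The log format, the thresholds and the IP addresses are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Combined log format (Apache/nginx default); only client IP, timestamp, method and path matter here.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def login_posts(lines):
    """Yield (timestamp, ip) for every POST to wp-login.php, i.e. every submitted password guess."""
    for line in lines:
        m = LOG_RE.match(line)
        if m and m["method"] == "POST" and m["path"].split("?")[0].endswith("/wp-login.php"):
            yield datetime.strptime(m["ts"], TS_FMT), m["ip"]

def analyze(lines, per_ip_limit=5, window=60, burst=20, min_sources=10):
    """Return (noisy_ips, distributed): IPs with >= per_ip_limit guesses, and whether any
    `window`-second span carried >= `burst` guesses coming from >= `min_sources` distinct IPs."""
    attempts = sorted(login_posts(lines))
    counts = Counter(ip for _, ip in attempts)
    noisy_ips = sorted(ip for ip, n in counts.items() if n >= per_ip_limit)
    # A per-IP threshold misses a botnet that spreads its guesses thinly; the sliding window
    # over all sources together is what catches the distributed pattern the hosts describe.
    distributed, start = False, 0
    for end in range(len(attempts)):
        while (attempts[end][0] - attempts[start][0]).total_seconds() > window:
            start += 1
        span = attempts[start:end + 1]
        if len(span) >= burst and len({ip for _, ip in span}) >= min_sources:
            distributed = True
            break
    return noisy_ips, distributed

def sample_log():
    """Constructed log lines (not real traffic): one legitimate login, one noisy host, and
    twelve hosts making two guesses each, which is what a distributed attack looks like."""
    base = datetime(2013, 1, 1, 10, 0, tzinfo=timezone.utc)
    def entry(ip, sec, method, path, status):
        ts = (base + timedelta(seconds=sec)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"'
    lines = [entry("192.0.2.10", 0, "GET", "/wp-login.php", 200),
             entry("192.0.2.10", 5, "POST", "/wp-login.php", 302)]
    lines += [entry("203.0.113.7", 10 + i, "POST", "/wp-login.php", 200) for i in range(6)]
    lines += [entry(f"198.51.100.{i + 1}", 20 + 2 * i + j, "POST", "/wp-login.php", 200)
              for i in range(12) for j in range(2)]
    return lines

if __name__ == "__main__":
    print(analyze(sample_log()))  # (['203.0.113.7'], True)
```

Blocking only the noisy IPs would leave the twelve low-volume hosts untouched, which is why the hosts resorted to rate-limiting or blocking wp-login.php itself rather than individual addresses.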