How to Protect Your Website During the Ongoing Global Attack on WordPress

Robyn Norgan
Apr 12, 2013

As you may have heard, WordPress, the open source blogging tool, is experiencing an ongoing and highly distributed global attack on its installations. This attack is happening across all hosting providers, including us. It is well-organized and so far over 90,000 IP addresses have been involved.

If you have a WordPress site, whether it is hosted with us or not, we recommend you take the following steps to protect your site:

1. Update your WordPress installation if you use version 3.5 to 3.5.1

2. Upgrade your WordPress installation if you use version 0.71-gold to 3.4.2

3. Install WordPress's security plugin

4. Change your admin password and ensure your new password is secure

Those responsible for the attack are attempting to log in to WordPress installations using a list of the most commonly used username and password combinations, so a secure password is a must. A secure password should use uppercase and lowercase letters, numbers, and symbols, and be at least 15 characters long. Make sure your new password is not similar to your old password and does not include your name or login.


Apr 13, 2013 4:03pm
Please do NOT use a plugin (or advise others to) to block attacks of this type and scale. They are using one IP per login; no IP-based plugin will work. Any plugin that uses PHP will cause problems on the server. Wordfence can easily crash a server during a large attack. Follow this guide if your site has been attacked (multiple entries containing wp-login.php in your access logs, even if you haven't logged in):
Apr 14, 2013 11:42pm
I was having a bit of confusion about this. Now I understood this concept fully. Nice content...
Apr 17, 2013 12:52am
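The comment above names wp-login.php entries in the access log as the sign of this attack and says each address makes only one login attempt. As an added example (not part of the original post or its comments), this Python function counts login POSTs in Combined Log Format lines and shows a per-IP limit flagging nothing while the total gives the attack away. The function name, thresholds and sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def summarize_login_posts(lines, per_ip_limit=5, min_total=10):
    """Count POSTs to wp-login.php; thresholds are illustrative, not from the post."""
    per_ip, statuses, skipped = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1  # malformed line: count it and move on
            continue
        path = m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path.endswith("/wp-login.php"):
            per_ip[m["ip"]] += 1
            statuses[m["status"]] += 1
    total = sum(per_ip.values())
    over_limit = sorted(ip for ip, n in per_ip.items() if n > per_ip_limit)
    return {
        "total_posts": total,
        "distinct_ips": len(per_ip),
        "ips_over_limit": over_limit,  # all that a per-IP blocker would act on
        # Stock WordPress answers a successful login with a 302 redirect.
        "redirected_posts": statuses["302"],
        "skipped_lines": skipped,
        # Heavy login traffic that no single address accounts for.
        "distributed": total >= min_total and not over_limit,
    }

# Constructed sample log (documentation-range addresses), not real traffic.
SAMPLE = [
    f'203.0.113.{i} - - [13/Apr/2013:16:0{i % 10}:00 +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 3125 "-" "Mozilla/5.0"'
    for i in range(1, 13)
] + [
    '198.51.100.7 - - [13/Apr/2013:16:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2900 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [13/Apr/2013:16:05:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [13/Apr/2013:16:06:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    'truncated line without a request field',
]

if __name__ == "__main__":
    for key, value in summarize_login_posts(SAMPLE).items():
        print(f"{key}: {value}")
```

Any POST counted under `redirected_posts` that does not match a login you made yourself is worth reviewing first, since it suggests a guess succeeded.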