Update your Wordpress Login Passwords
Due to an unprecedented (and never before seen) level of "Brute Force Password Attacks" on Wordpress sites around the globe this
Posted on 13 Apr 2013 in General
UPDATE YOUR WORDPRESS + LOGIN PASSWORDS
Due to an unprecedented (and never before seen) level of "Brute Force Password Attacks" on Wordpress sites around the globe this week, we are issuing this warning / notice for the benefit of our Wordpress using customers.
This attack is being experienced on a global scale and is affecting every hosting provider on the planet. The attackers are using over 100,000+ infected PC's to issue millions of password guessing attempts per minute to Wordpress web sites.
There is no need to panic, but simply be aware and please use very secure passwords at all times.
WHAT THEY ARE DOING:
The thousands of attacking computers are part of a "BotNet". These systems are trying to login to Wordpress administration by "brute force attack". They are loading and submitting to the wp-login.php and /wp-admin pages thousands of passwords to "admin" and other common named accounts.
Brute force password variations include:
- all passwords in the hackers password dictionary like "qwertyuiop" "mypass1" "hiphop93" "heyheyhey" "password123"
- all words in the English dictionary + word, name and number combinations such as ""tree9281" "jane1944"
- all number and letter combinations from "0-99999999999" to "a-zzzzzzzzzzzzzz" - including all combinations of the two such as "dj38sh27s93"
WHAT YOU NEED TO DO:
1) Log in and change your WordPress user password to one the password meter rates as Strong: it should mix upper- and lowercase letters, numbers and special characters.
IMPORTANT: if you do not know your current WordPress login, do not try to guess it. More than 3 wrong attempts within 2 hours will lock you out of the login page (this lockout is part of how we are blocking the attacks). Instead, contact firstname.lastname@example.org with your WordPress site's domain name and we will reset your password for you.
2) Make sure your WordPress installation is secure and up to date. You should be running v5.2.1, and all plug-ins should be up to date as well.
3) If you have not already, install the "Bad Behavior" plug-in (search for "bad behavior" under Add New in the plug-in menu). The default settings are fine. Note: other login-protection plug-ins are proving ineffective against these attacks. If you have another login protector installed, such as Login LockDown, uninstall it and install Bad Behavior instead.
WHAT WE ARE DOING:
We are monitoring our servers closely and have already implemented network-level security measures to reduce the risk to hosting customers running WordPress. We have logged more than 103,000 individual attack attempts across our server network in the last 24 hours, though no compromised sites have been reported. Our server admin has been hard at work, and our security systems block attackers automatically as their IP addresses become known and are confirmed as malicious. At the time this newsletter was sent, most of the attacking systems pointed at our network had been blocked, and the attack rate had slowed from thousands of attempts an hour to less than a couple of hundred per hour.
More information on this attack is available from HostGator (who are in the same situation, though they were hit a couple of days earlier):
We expect that the attackers' botnet of infected servers and PCs will eventually be shut down, though how long this will take is unknown.
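As an added example (not the host's actual blocking system, which the notice does not describe in detail), the following applies the lockout rule stated in step 1 above, more than 3 failed attempts from one IP within 2 hours, to web-server access-log lines and emits firewall rules for the offending addresses. It assumes Apache/nginx "combined" log format and recognises a failed WordPress login as a POST to /wp-login.php answered with 200 (WordPress re-renders the form with an error), while a successful login is answered with a 302 redirect and is not counted. The log lines are constructed (RFC 5737 documentation addresses), and the iptables syntax is one possible output; adapt it to your firewall.

```python
"""Detect and block brute-force login attempts against wp-login.php.

Added example, not the host's actual blocking logic.  Rule from the notice:
more than MAX_FAILURES failed attempts from one IP within WINDOW gets that
IP blocked.  A failed login is a POST to /wp-login.php answered with 200;
a successful login is a 302 redirect to wp-admin and is not counted.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 3             # "more than 3 times ..."
WINDOW = timedelta(hours=2)  # "... in 2 hours"

# Apache/nginx "combined" log format (assumed; adjust to your server's format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample traffic, in chronological order as a live log would be.
# 192.0.2.9 makes 4 attempts but never more than 3 inside any 2-hour window.
# 203.0.113.7 makes 4 attempts in 4 seconds and is blocked on the 4th.
# 198.51.100.4 loads the form (GET) and logs in successfully (302).
SAMPLE_LOG = """\
192.0.2.9 - - [13/Apr/2013:08:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3981 "-" "Mozilla/5.0"
192.0.2.9 - - [13/Apr/2013:08:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3981 "-" "Mozilla/5.0"
192.0.2.9 - - [13/Apr/2013:09:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3981 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Apr/2013:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3981 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Apr/2013:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3981 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Apr/2013:10:01:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3981 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Apr/2013:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3981 "-" "Mozilla/5.0"
198.51.100.4 - - [13/Apr/2013:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2101 "-" "Mozilla/5.0"
198.51.100.4 - - [13/Apr/2013:10:05:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [13/Apr/2013:10:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3981 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return (ip, timestamp, method, path, status), or None if the line does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))


def is_failed_login(method, path, status):
    """POST to wp-login.php that got the form back (200) rather than a redirect (302)."""
    return method == "POST" and path.split("?", 1)[0] == "/wp-login.php" and status == 200


def find_blocks(lines):
    """Return {ip: time_of_blocking} for IPs exceeding MAX_FAILURES inside a sliding WINDOW.

    Lines are assumed to be in chronological order, as in a live log.
    """
    recent = defaultdict(deque)  # ip -> timestamps of failed attempts still inside WINDOW
    blocked = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if ip in blocked or not is_failed_login(method, path, status):
            continue
        attempts = recent[ip]
        attempts.append(ts)
        while attempts[0] < ts - WINDOW:  # expire attempts older than the window
            attempts.popleft()
        if len(attempts) > MAX_FAILURES:
            blocked[ip] = ts
    return blocked


def iptables_rules(blocked):
    """One DROP rule per blocked address (iptables syntax; adapt to your firewall)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(blocked)]


if __name__ == "__main__":
    blocked = find_blocks(SAMPLE_LOG.splitlines())
    for ip, when in blocked.items():
        print(f"{ip} blocked at {when.isoformat()}")
    print("\n".join(iptables_rules(blocked)))
```

The sliding window matters for the edge case: 192.0.2.9 makes four attempts, but the one at 08:00 has expired by the time of the 10:30 attempt, so it is never blocked, which is the behaviour a customer who mistypes a password a few times over a morning should expect.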
Do still take the above precautions to protect your Wordpress site login.
If you require assistance please email us and we will respond as quickly as possible - your patience is appreciated.