WordPress sites worldwide experience brute force attack
A large botnet is trying to gain access to WordPress blogs as part of a significant brute force attack being experienced by hosting companies all over the world.
The current attack assumes websites use the simple username ‘admin’ and repeatedly attempts to log in with it.
Peter Armstrong, MD of Spiral Hosting, said: "There is currently a large-scale brute force attack coming from a large number of IP addresses spread across the world. A large botnet has been attempting to break into WordPress websites by continually trying to guess the username and password to get into the WordPress admin dashboard. This is affecting almost every major web hosting company around the world. Our Network Operations Centre (NOC) has detected a significant increase in botnet activity in the last 24 hours."
WordPress users can protect themselves from such attacks by choosing strong passwords that include numbers and special characters, not using ‘admin’ as a username, and installing additional measures to ensure their websites can’t be accessed via password alone. It is also recommended that any unused plug-ins or themes be deleted and that the software itself be kept up to date.
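Because the login attempts described above come from many IP addresses at once, a per-address limit can miss them, so a site operator can instead count login POSTs across all sources per minute. The following is an added example, not code from the article or from Spiral Hosting; it assumes a "combined"-format access log, the standard WordPress login path `/wp-login.php`, and illustrative thresholds.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined log format: ip ident user [timestamp] "METHOD url proto" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def _line(ip, ts, method, url, status):
    """Build one constructed log line (sample data only, not real traffic)."""
    return f'{ip} - - [{ts} +0000] "{method} {url} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample: six login POSTs inside one minute, each from a different
# documentation-range address, plus a little ordinary traffic.
SAMPLE_LOG = "\n".join(
    [_line(f"198.51.100.{i}", f"01/Jan/2020:10:00:{i:02d}", "POST", "/wp-login.php", 200)
     for i in range(1, 7)]
    + [_line("203.0.113.9", "01/Jan/2020:10:05:00", "POST", "/wp-login.php", 302),
       _line("203.0.113.9", "01/Jan/2020:10:05:30", "GET", "/wp-admin/", 200),
       _line("192.0.2.4", "01/Jan/2020:10:00:10", "GET", "/index.php", 200)]
)

def login_attempts(log_text, path="/wp-login.php"):
    """Yield (minute, ip) for every POST to the login path; skip unparsable lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, url, _status = m.groups()
        if method == "POST" and url.split("?")[0] == path:
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield when.replace(second=0), ip

def flag_distributed_bruteforce(log_text, min_posts=5, min_ips=4):
    """Return (minute, posts, distinct_ips, max_posts_from_one_ip) per flagged minute.

    Thresholds are assumptions for this sample; tune them to a site's normal
    login volume.
    """
    buckets = defaultdict(list)
    for minute, ip in login_attempts(log_text):
        buckets[minute].append(ip)
    alerts = []
    for minute, ips in sorted(buckets.items()):
        per_ip = Counter(ips)
        if len(ips) >= min_posts and len(per_ip) >= min_ips:
            alerts.append((minute.strftime("%Y-%m-%d %H:%M"), len(ips),
                           len(per_ip), max(per_ip.values())))
    return alerts

if __name__ == "__main__":
    for alert in flag_distributed_bruteforce(SAMPLE_LOG):
        print(alert)
```

In the sample, the flagged minute shows only one attempt from any single address, which is why the aggregate count, not the per-address count, is the useful signal.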