[Important] Secure Your WordPress Password Immediately – Global WordPress Brute Force Attack
It is highly recommended that you ensure your WordPress login password is a secure password comprising of at least 8 characters and includes special characters (@#$%^&*), a variation of upper and lower case letters, and numbers.
Common Password Example:
Secure Password Example:
Beginning on Tuesday, a large scale and very organized distributed attack on WordPress websites initiated worldwide affecting almost all web hosts and anyone who hosts a WordPress installation.
These attacks are brute force in nature and specifically target the wp-login.php file, which is the script handling WordPress logins. The attackers have been, are, and will be focusing on common passwords to gain entry and compromise your WordPress website.
You should be safe if you are currently using a secure password as outlined above; however, the attack itself is very resource intensive and, depending on the severity of the attack at any given time, may cause your website to become sluggish or non-responsive for short periods of time. In some cases it has become necessary to completely block access to wp-login.php to prevent the servers from being overwhelmed.
This is the most widely distributed and far-reaching global distributed denial-of-service (DDoS) attack that has been seen in quite some time. Due to the extremely distributed nature and the scale of the attacks, we have implemented checks and measures to mitigate these attacks and minimize their effects.
Typically attacks of this nature do not last more than a few days. However we will continue to work to improve performance throughout the attack and provide you the best service possible.
Please share this post with your network to ensure the words gets out and everyone is kept safe.