There is an apparently ongoing and highly-distributed, global attack on WordPress installations across virtually every web host in existence. Because there are over 40,000 IP addresses associated with this attack, it is difficult to block access on an IP-basis.
From what we can tell, the source of these types of attacks began several months ago — our clients and servers have been lucky up to this point to have not been hit with these attacks. The symptoms of this attack are a very slow backend on your WordPress site, or an inability to log in. In many instances, such as what we are seeing today, the entire server can be affected by overload and database inaccessibility which prevents the sites from loading at all.
Since we do specialize in WordPress hosting and design, our servers are especially vulnerable to these attacks and as such, we are taking every action possible to resolve and prevent these issues.
We are looking into the possibility of password-protecting all wp-login.php files .htaccess on the server, but will need each client’s approval in order to utilize this method of protection.
Again, please recognize that this is a global issue affecting all web hosts and we are doing all that we can to rectify the issues being caused by this influx of attack attempts on our servers, particularly EDP2.
WordPress Login – Brute Force Attack
Measures You Can Take to Prevent Similar Attacks
- Secure (by password protection) wp-login.php for all WordPress sites in your cPanel account. This will help deter this type of attack.
- Generate a SECURE password: http://strongpasswordgenerator.com
- Log into your WordPress powered websites and change your passwords, ensuring that they are at least 8 characters in length and seemingly randomized, including both upper and lowercase letters as well as numbers and special characters.
If you would like help in accomplishing either of these tasks, please contact support via email or create a support ticket in the client billing portal. We will update this blog post when we have further information.