WordPress Brute Force Attack

Hello TCH’ers,

I would like to inform everyone that a large distributed brute force attack against sites running WordPress is occurring throughout the entire internet. There are dozens of reports coming from various web hosts, both large and small, that a very large botnet with close to 90,000 servers is trying to log into random WordPress Dashboards by cycling through various usernames and passwords, otherwise known as a Brute Force attack.

Here’s What We Are Doing:

We have been battling this attack for the past 3 days and have had to block all requests to wp-login.php. We realize this may cause minor inconveniences for some clients, but we ensure you that we feel it is in the best interest of keeping your site and our servers safe. We also see that this is the current recommended solution throughout the internet for this issue.

Edit: April 12, 2013 – 5:10 PM (EST) – We have now enabled access to wp-login.php.

If you are currently having issues accessing your WordPress site, please submit a support ticket at our help desk so our technicians may investigate it further. You can access the help desk at http://support.totalchoicehosting.com

Here’s What You Can Do:

We would like to remind you how important it is to use strong passwords throughout all of your accounts. It is very important to change your password regularly to help protect yourself against these sort of attacks.

We also urge you to make sure you are using the latest and most updated stable scripts available. If you are using an older version of WordPress, Joomla, Drupal, etc., you should update immediately.

Limit Login Attempt: We recommend limiting login attempts to your WordPress Dashboard. There are various plugins that can help accomplish this. Here is an example of one: http://wordpress.org/extend/plugins/limit-login-attempts/

Install Google Authenticator: Thanks to a fellow TCH’er, we can recommend installing Google Authenticator. It enables a 2 part authentication process to add an extra layer of security to your blog.

Bad Behavior Plugin: Another TCH’er recommended looking into the Bad Behavior Plugin.

Thank you for your patience and understanding and remember, don’t hesitate to create a support ticket if you need help!

Edit: The attack is so widespread and well known that even magazines are covering it! http://www.pingzine.com/wordpress-admin-accounts-targeted-by-botnet-23840/