Increase in brute force attempts against WordPress installations
Posted on 10 Apr 2013 by Valentin P
We must inform you that within the last 48 hours, worldwide malicious activity targeting WordPress CMS installations has spiked considerably.
WordPress is a widely popular blog CMS, which is used in a large percentage of Internet projects and presentations. Due to this, it takes considerably less effort for hackers to make use of WordPress engine vulnerabilities, insecure or outdated WordPress setups, compromised modules or similar means to compromise an existing WordPress installation. These types of attacks are common but we’ve noted a huge increase in such attacks over the past 2-3 day period.
In this case, a brute-force attack is taking place: an attempt to guess WordPress admin area passwords so that the compromised accounts can later be used for malicious purposes. The issue is already known to many hosting providers and is being discussed between our support teams. Several different solutions have been implemented so far, including a number of firewall rules that limit the number of login attempts a single IP address can make to any wp-login file on a given server; IPs that exhibit repeated malicious behavior are then blocked in the server’s firewall rules.
This measure, developed by our team, has had a positive effect in halting the brute-force attack, but as a negative consequence, server load has increased, and customers are currently unable to access multiple WordPress Dashboards from a single IP address.
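The per-IP login limit described above, sketched as log analysis (an added example, not our production firewall rules): it counts POSTs to any wp-login.php on the server per source IP in a sliding window, and shows why an IP that logs in to several dashboards is flagged just like an attacker. The thresholds, the vhost-prefixed log layout and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; the post does not state the values the real rules use.
MAX_ATTEMPTS = 5
WINDOW = timedelta(seconds=60)

# Assumed layout: combined access log line prefixed with the vhost name.
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_offenders(lines, max_attempts=MAX_ATTEMPTS, window=WINDOW):
    """Return {ip: set of vhosts} for IPs with more than max_attempts POSTs
    to any wp-login.php on the server inside the sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps of login POSTs in window
    vhosts = defaultdict(set)     # ip -> vhosts whose login page it posted to
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        vhosts[m["ip"]].add(m["vhost"])
        while q and ts - q[0] > window:   # drop attempts older than the window
            q.popleft()
        if len(q) > max_attempts:
            offenders[m["ip"]] = vhosts[m["ip"]]
    return offenders

def _line(vhost, ip, sec, method="POST", path="/wp-login.php", status=200):
    """Build one constructed log line (documentation IPs, example vhosts)."""
    return (f'{vhost} {ip} - - [10/Apr/2013:12:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 1234')

# Constructed sample: a password-guessing IP, one IP logging in to six
# different dashboards, and a customer with a single login.
SAMPLE = (
    [_line("blog.example", "203.0.113.7", s) for s in range(8)]
    + [_line(f"site{i}.example", "198.51.100.20", 10 + i, status=302) for i in range(6)]
    + [_line("shop.example", "192.0.2.5", 30, status=302),
       _line("shop.example", "192.0.2.5", 31, method="GET")]
)
```

Because the counter is keyed on the source IP alone, 198.51.100.20 is flagged alongside 203.0.113.7 even though it made only one attempt per site.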
We urge all of our customers that are utilizing the WordPress CMS to upgrade to the latest stable release as soon as possible, change any WordPress admin area login credentials, and update any plugins and themes used, applying all available patches.
It is also recommended to review the following security tips:
Should any questions or issues arise, please contact our technical department via our helpdesk https://www.whbsupport.com