WordPress Security – Global Brute Force Flood Attack
There is an on-going global attack on WordPress sites. This is a highly distributed attack which is affecting virtually every known web host and WordPress site. We have seen over 10,000 IP addresses involved in this attack.
At this time we recommend you login to your WordPress site and change the password. We highly suggest that you use a very strong password including uppercase characters, lowercase characters, numbers and special characters (&$@!*).
There are several things you can do fight these attacks from your end. We highly recommend using WordPress Security plugins such as WordFence along side Better WP Security. Both plugins can be installed directly from your WordPress admin panel. Alternatively you can use htaccess files to protect your WordPress admin directory.
Another option that seems to work incredibly well is CloudFlare. We have activated this on a few WordPress sites today that stopped the attacks within minutes. You can read more about how to enable CloudFlare through cPanel.
If you are running a WordPress site and need assistance with setting up any of these options you can contact us by submitting a support ticket.
Again, this is a global attack that is affecting all web hosts. We do hope this attack doesn’t last very long, however, it is a good reminder that we should all take account security seriously.