Distributed attacks on WordPress installations
In the last two weeks, the number of attacks on Word Press installations has increased exponentially. At the root of this issue is the software’s handling of login attempts. When a user tries to log in, the server processes that login check with a few database queries and log writes. Unfortunately, out of the box the software will enable someone to attempt a password repeatedly without issue. When this is done by several computers on one location at once, it’s only a matter of time until one of two things happens”
- The password is guessed
- The server crashes
In the first situation, the compromised installation is recruited into the effort, infected with a password-guessing script and folded into the distributed attack on other installations. In the second, websites located on the affected server are either down or extremely slow. With over 90,000 infected machines taking part in the attack and the startling number of WordPress installations on the internet today, you can see why this is such a problem!
A good password goes a long way
- Capital and lower case letters
Consider abbreviating a sentence you can remember. For example, “My dog’s name is Sampson, and he was born in 2001!” could easily become: ” MdniSahwbi2k1!” Though not perfect, this password is much more difficult to crack than something like “Sampson2001” We can change a password for you during normal business hours. Simply give us a call!
What is being done to protect my account?
Throughout the weekend, we took steps to integrate additional layers of protection to all WordPress accounts. Initially, we loaded a simple plugin to all WordPress installations which limits the amount of times a single IP address can guess an incorrect password for a given account. After a certain number of tries, that IP address is temporarily banned. This drastically affects the ability of these attacks to guess and compromise new accounts. None of our installations have been compromised.
We are taking additional steps to further improve security and ensure that this issue poses as little effect as possible to our customers. We will be sending out a mailing shortly with additional information.