Massive global attack going on against WordPress-powered sites…

Hello,

There has been a massive global attack going on against WordPress, specifically the /wp-login.php (which is called by /wp-admin). Here is a very lengthy thread about the situation:

The attackers became very, very aggressive overnight, to the point of shutting down tens of thousands of servers running WordPress. They were able to greatly affect the performance of a number of the servers.

The quick band-aid, as recommended in the above thread, was to block access to /wp-login.php and whitelist IPs for those that need it. It’s not a long-term fix, but it has allowed the servers to remain stable. My hosting folks are working on a procedure to allow automatic whitelisting of IP addresses.
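As an added illustration (not part of the original post or the hosting provider's procedure), this sketch validates a list of allowed addresses and renders a block that denies /wp-login.php to everyone else. It assumes Apache 2.4 `Require ip` syntax; the function names and the documentation-range addresses are constructed for the example.

```python
import ipaddress


def parse_allowlist(entries):
    """Validate allowlist entries (single IPs or CIDR ranges) and merge overlaps."""
    nets = []
    for raw in entries:
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue  # skip blank lines and comments
        # strict=False normalises "203.0.113.7/24" to its network;
        # a malformed entry raises ValueError instead of reaching the config
        net = ipaddress.ip_network(entry, strict=False)
        if net.prefixlen == 0:
            raise ValueError(f"refusing to allow every address: {entry}")
        nets.append(net)
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        same = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    return merged


def is_allowed(client_ip, networks):
    """Return True if client_ip falls inside any allowlisted network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == n.version and addr in n for n in networks)


def render_block(networks):
    """Render an Apache 2.4 section restricting wp-login.php to the allowlist."""
    lines = ['<Files "wp-login.php">']
    if not networks:
        # an empty allowlist must fail closed, not fall back to inherited access
        lines.append("    Require all denied")
    for net in networks:
        target = net.network_address if net.num_addresses == 1 else net
        lines.append(f"    Require ip {target}")
    lines.append("</Files>")
    return "\n".join(lines) + "\n"


# Constructed sample input using documentation address ranges
SAMPLE = ["# office", "198.51.100.10", "203.0.113.7/24",
          "203.0.113.0/25", "2001:db8::/32", ""]

if __name__ == "__main__":
    print(render_block(parse_allowlist(SAMPLE)), end="")
```

Several `Require ip` lines in one section grant access if any of them matches, so all other clients are refused at the web server before WordPress handles the login request.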

This attack started up on April 8th or so, and has compounded itself 10-fold over the past few days. The thought is that the attackers are hacking into old WordPress installations and getting their code installed, which gives them more “bots” to continue the attack, like a server-side virus.

For now there is no real solution to this worldwide attack on WordPress-powered sites.


