Wordpress WP-ADMIN

Monday, 23 May 2016 by Support1

A global WordPress attack has been ongoing since the beginning of 2014.

A botnet of over 90,000 machines is attempting to brute force its way into wp-login.php, the file that WordPress users use to log in to WordPress, on sites around the world.

The attack sends thousands of requests at a time to wp-login.php, trying to log in to your WordPress installation and make it part of the growing botnet.

We've enabled a server-wide ACL that blocks all access to wp-login.php unless the requesting IP is whitelisted.

If you provide us with your IP from http://myip.paidoohost.com/ we can add your IP to the whitelist.

Additional recommendations:

- Change your default admin username for wp-admin to a different username, as the attack is specifically targeting the admin username.

- Place a browser-based password on wp-login.php.

This link explains how to do this: http://codex.wordpress.org/Brute_Force_Attacks#Password_Protect_wp-login.php
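For sites served by Apache 2.4, the two controls described above (an IP whitelist on wp-login.php plus a browser-based password) can be combined as in the following sketch. This is an added example, not our server configuration or code from the linked Codex page; the IP addresses are documentation-range placeholders and the password file path is an assumption.

```apache
# Place in the site's .htaccess or virtual host configuration (Apache 2.4 syntax).
# Applies only to the WordPress login script; the rest of the site is unaffected.
<Files "wp-login.php">
    # Browser-based (HTTP Basic) password prompt.
    # Only use Basic auth over HTTPS, since credentials are sent on every request.
    AuthType Basic
    AuthName "Restricted login"
    # Assumed path: keep the password file outside the document root so it
    # can never be downloaded. Create it with: htpasswd -c <file> <username>
    AuthUserFile "/home/exampleuser/.htpasswds/wp-login.htpasswd"

    # RequireAll means BOTH conditions must hold:
    #   1. the client IP is on the whitelist, and
    #   2. the visitor supplies a valid username/password from AuthUserFile.
    <RequireAll>
        # Placeholder addresses; replace with your own static IP(s) or range.
        Require ip 203.0.113.10 198.51.100.0/24
        Require valid-user
    </RequireAll>
</Files>
```

If your IP address changes often, replacing `<RequireAll>` with `<RequireAny>` lets either a whitelisted IP or a valid password through, at the cost of exposing the password prompt to the botnet.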

Additional information about the attack can be found here:
http://blog.skunkworks.ca/brute-force-attack-targeting-sites-running-wordpress/