April 12, 2013

WordPress Attack

We have become aware of a very large distributed attack on WordPress site across the internet.

It would appear that automated scripts on infected computers are checking sites randomly to see if they have a wp-login.php file (the access file to the backend of WordPress). If this file is found, then the site is attacked from many multiple sources at once, in an attempt to brute force guess the login details.

This extra load will very quickly mean your site is running very slowly and affects the overall performance of our servers.

The major risk is that your login details will be guessed if you have a weak password. We recommend ensuring your password if very strong and also updating WordPress to the latest version.

We are actively blocking access to this file on any site we see being attacked. If you need urgent access to your wordpress backend, please contact us so we can whitelist your IP address.

Your site will continue to work as normal, so dont worry about that.

We will issue another update once we have more information

*** UPDATE Monday 15th April *****

We have put firewall rules in place now to block network packets containing certain information, which would match the hack attempt. This appears to be working for the moment and we are re-enabling access to users wp-admin areas. We will continue to monitor the situation.

If you have any problems getting access to your WordPress admin, please contact us

Elive Support