It’s been going on roughly 2 weeks
Early this morning when I glanced at Grumpy Opinions Over night visits I was pretty impressed — Normally between midnight and 0600 the site gets between 6 and 700 human visits, and around 3500 pageviews. This morning the number of human visits was over 1200.
The stats told me something else, there had been 100’s of attempts, mostly from Indonesia, (there were also a lot coming from other other Asian Countries) to log into the site with site with the username Admin. I don’t know anyone named Admin- And Grumpy Opinions has no members named Admin – Over the last few hours there have been a bunch of attempts Mostly from Turkey and France…
WordPress Websites are under attack, plain and simple, they have been for the last two weeks. As far as I know, on-one knows yet who is behind it.
Before anyone gets nervous, There’s nothing to indicate Obamabots are behind this. It is a Global attack against all kinds of different websites, political, business, educational, you name it
WordPress website owners will find a link to the article below on their dashboard- For everyone else, if it seems a little more difficult to access your favorite website, it maybe because the site’s Administrator has hardened it up against a potential attack..
By The Way, I haven’t asked any legal experts yet. This does not seem to be the type attack the self serving CISPA law John Boehner rushed through the House of Representatives while we were focused on Boston would have done a thing to prevent.
My mother emailed me and asked if WordPress was under attack. With all the news of last week’s attack of the Boston Marathon, the attacks on WordPress and other PHP-based web publishing sites was low on the priority list for myself and others, but this is something to take seriously. As we get back to some form of normalcy in this trigger-happy, frighting world we live in physically and virtually, it’s time to address this issue of brute-force attacks on WordPress sites.
Here is what you need to know right off the top.
WordPress is safe.
The brute-force login attacks are not aimed specifically at WordPress. Reports are that Joomla, Drupal, and other publishing platforms are also being attacked.
The attack is directed specifically at logins, making use of vulnerable usernames and passwords.
To ensure your site’s security, make sure all usernames and passwords are alphanumeric and complex enough not to be guessed easily.
Do not share your username and password with anyone, even those you trust. Use your best judgement. Be cautious to the point of paranoia when accessing your site on shared or public networks and computers.
Check that all WordPress sites, Plugins, and Themes are up-to-date with the latest stable release of WordPress. No excuses.
If you or a client cannot log into a site or report an error when trying to log in, contact the web host immediately. Some web hosts have locked down direct access to the WordPress login file to protect customers until more information and a resolution can be found to strengthen login protection on their servers.
If you are on WordPress.com, your site is secure, however your password may not be. WordPress.com forced new users to choose a unique username several years ago, and their sign-in encourages strong passwords, but it is up to you to make sure your password is strong enough.
How to Protect Your WordPress Site
Read The Rest