Brute Force Attacks on WordPress and Joomla Login Pages This Week
Over the past several days, many web hosts are reporting a sharp increase of brute-force attacks on their systems, including our hosting.
These attacks attempt to gain access to customer accounts that have weak passwords. While it's bad enough if an outsider is able to gain access to your site, this type of attack also wreaks havoc on hosting servers by overloading them with requests and causing them to function slowly or not at all for periods of time.
While these attacks are nothing new, this current wave is apparently sophisticated and very large in scope. If you are using our hosting or Godaddy hosting, the security measures being put in place to address this are causing some customers have difficulty accessing the admin pages for WordPress. Some sites may also have had intermittently unresponsive sites because of the attacks.
What the Hosting Company is Doing
The hosting security team continues to identify these attacks, down to the IP address, and block anything that looks malicious. Additionally, they have installed new features on every single one of their thousands of servers to block these bad guys more quickly.
What You Can Do
Regardless of whether you use WordPress or Joomla! for your website, this worldwide attack could affect you. That’s why it’s imperative that you use strong passwords.
We all know that “password” or "secret" is not a stellar password, but neither are dictionary words, your dog’s name, or the name of the street you live on. Attackers have lists of dictionary words and common passwords, and use those lists in attacks like we’re experiencing.
What Does a Sophisticated Password Look Like?
The tougher and more sophisticated your password, the more difficult it will be for an attacker to gain access. Given the reported scale and sophistication of this week's attacks, we recommend that each and every one of you login to WordPress and change your password to something very strong. More information on creating a strong password »
Please remember, if you use the same password for your hosting that you do for your bank account, an attacker could compromise much more than your website. Make sure your passwords are unique for all your accounts.
If you are currently being affected by this attack, thank you for your patience while the hosting companies deal with attackers. Hang tight...This too shall pass. 🙂