NEWS: Brute Force Attack on WordPress Sites

No, this isn’t a false alarm. Please pay close attention. At least 90,000 IP addresses have been affected to date. I know that one of the accounts that IWD maintains was hit yesterday. I was able to shut them out and protect the site from further harm.

Symptoms of the attack:

  • Slow back-end admin area
  • Inability to login to admin area
  • Intermittent outages for public-facing pages

Steps to the cure:

  1. If you can still get into your admin area, change your password. It should be at least eight characters but longer is better. It should have mixed case letters, at least one number and at least one special character (^%$#&@*). There should not be any recognizable words or abbreviations.
  2. If you cannot get into your admin area, contact IWD for assistance.