Alert: Massive Brute Force Attack Targeting WordPress Websites

By Avery Hocutt | December 21, 2017

“The most aggressive campaign we have seen to date”

Early Tuesday morning, WordFence, a 3rd party security service for WordPress, posted an alert of a massive brute force attack campaign that was mounting by the second. By the time the world started waking up, the campaign had peaked at 14 million attacks per hour, making it, according to WordFence, “the most aggressive brute force attack in WordPress history.”

In a brute force attack, automated software is used to generate a vast number of consecutive guesses for certain data (in this case, passwords). The vast majority of them have been unsuccessful, but the scope of this particular attack sets it apart from the rest.

What to do

If you already have RLM’s OverSite™ website maintenance, there is no need to worry—we have already made the necessary updates for you.

If you do not have OverSite or a similar web patch and update service, it is important to quickly make the following changes.

  1. Update your password to something more complex. The password generator tool on the “Your Profile” screen is a great resource. Don’t use any password that you have used before on WordPress.
  2. If you have an admin-level account that has the default username “admin”, change it.
  3. Delete any unused accounts, especially unused admin accounts. The less “doorways” you have to your website, the lower the chance of an unauthorized entry.

Moving Forward

As we continue to watch this attack unfold, it’s important to spread the word so that other web owners can take action. Be sure to spread the news via social media and similar channels, and investigate firewalls and other security measures which can strengthen your security. Finally, consider investing in a regular website patch and update service. When your site is maintained and regularly updated, your risk for a cyberattack significantly decreases.

WordPress is the most popular content management system in the world and supports more than 60 million websites. Breaches of this kind are usually due to poor website management, not the platform itself.

If you would like to discuss the status of your website, please feel free to give us a call.