Yes, there is really a WordPress attack happening right now

wordpress logoAt about noon today I installed the Limit Logon Attempts WordPress plugin due to the recent reports of a major bot net attack on WordPress sites going on. Since then I’ve received the following reports:

1:18pm
3 failed login attempts (1 lockout(s)) from IP: 94.242.237.133
Last user attempted: admin
IP was blocked for 20 minutes

1:43pm
3 failed login attempts (1 lockout(s)) from IP: 66.85.172.250
Last user attempted: admin
IP was blocked for 20 minutes

2:22pm
6 failed login attempts (2 lockout(s)) from IP: 94.242.237.133
Last user attempted: admin
IP was blocked for 24 hours

3:43pm
3 failed login attempts (1 lockout(s)) from IP: 94.199.51.8
Last user attempted: admin
IP was blocked for 30 minutes

4:05pm
6 failed login attempts (2 lockout(s)) from IP: 66.85.172.250
Last user attempted: admin
IP was blocked for 24 hours

Yes folks, this attack is happening! Step one: DO NOT have ‘admin’ or ‘administrator’ as usernames. Ste 2: Install the a fore mentioned plugin.

And here’s the official advice from WordPress:

Here’s what I would recommend: If you still use “admin” as a username on your blog,change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress. Do this and you’ll be ahead of 99% of sites out there and probably never have a problem.

3 Replies to “Yes, there is really a WordPress attack happening right now”

  1. Thanks for the post. Several websites by me (wordpress blogs) also got attacked from the IP **.199.51.8, and not only once. I had already installed the plugins you mentioned, that’s why I saw the attack. But the system is still runiing and the attack did nothing fortunately.
    Greez

Leave a Reply

Your email address will not be published. Required fields are marked *