Ongoing WordPress Security Attacks, The Details and Solutions

wptargetHere is a great article that’s been making the round regarding the hows and whys of the recent WordPress attack and what you can do to prevent their success:

There is a very real, very large ongoing attack against WordPress sites. It has been going on for a while now, but it severely escalated last week.

While there is a lot of chatter about this situation around the web, I thought I should write this post for two reasons: 1) not everyone in our community follows all of the WordPress and tech news and 2) most of the coverage has been either extremely technical or very light on details and recommendations. My goal in this post is to not only inform you about what is happening but why it is happening and what you can do about it.

The Attack

The details of the attack has been covered far and wide. Hostgator was one of the first big names to break the news about the attack with their Global WordPress Brute Force Flood post. The WordPress security team at Sucuri has as series of blog posts about the topic covering how to protect your site, the reality of the attacks, and the consequences of such attacks. Security blog Krebs on Security has a good post covering the topic in depth.

The short and simple explanation of what is happening is that one or more illegal botnets (a network of hundreds, thousands, or millions of compromised computers that are being exploited to perform attacks, send spam, etc) are being used to brute-force attack WordPress sites. The goal of a brute force attack is to try as many username and password combinations as possible in order to find valid login credentials. It’s as if someone was trying to guess the combination on a combination lock, but rather than being limited to a single guess every few seconds, they could make hundreds or thousands of guesses a second while never getting tired.

Read the full article on

Published by

Michael Sauers

Michael Sauers is currently the Technology Innovation Librarian for the Nebraska Library Commission in Lincoln, Nebraska and has been training librarians in technology for more than 15 years. He has also been a public library trustee, a bookstore manager for a library friends group, a reference librarian, serials cataloger, technology consultant, and bookseller. He earned his MLS in 1995 from the University at Albany’s School of Information Science and Policy. Michael’s twelfth book, Google Search Secrets (w/ Christa Burns) was published October 2013 and has two more books on the way. He has also written dozens of articles for various journals and magazines. In his spare time he blogs at, runs Web sites for authors and historical societies, takes many, many photos, and reads more than 100 books a year.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>