Large distributed brute force attack underway at 40,000 attacks per minute
This entry was posted in WordPress Security on March 6, 2014 by Mark Maunder
We’re seeing an unusually large WordPress attack underway. It triggered our automated alerting system, which posted to Facebook and Twitter, and the attack is visible on http://www.wordfence.com/. It is currently peaking at 40,000 attacks per minute; normal attack frequency is around 2,000 attacks per minute.
The attack started at 7:30 AM Pacific Time this morning and is still underway. It is being run from a large botnet that is generating a huge number of failed WordPress login attempts, in other words a distributed password-guessing attack against WordPress login pages.
We recommend ensuring that all your WordPress admin accounts are using strong passwords, that you have Wordfence installed, and that the number of login failures allowed before lockout is set to 20 or less on the Wordfence options page.
You should have “Count login failures over what time period” set to 5 minutes and “Amount of time a user is locked out” set to 1 hour. An hour may not seem like much, but it caps a single source at roughly 20 guesses per hour, which makes an online password-guessing attack against a strong password impractical. Because the lockout applies to the source address that exceeded the limit, a botnet with many addresses can still spread its guesses across them, which is why strong passwords remain the primary defence.
We also recommend that you enable “Participate in the Real-Time WordPress Security Network”, because this will immediately lock out attacks from the botnet responsible for the current attack.
Please share this post with friends and colleagues who use WordPress so that they stay safe and secure.
Keep a close eye on your website logs. We will post to http://facebook.com/wordfence and http://twitter.com/wordfence once this attack abates.
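To make the three lockout settings above concrete, and to show what watching the logs for this kind of attack can look like, here is an added example that is not Wordfence's code and not part of the original post. It replays web server access log lines through the same policy: 20 failed logins from one address inside a 5-minute window lock that address out for one hour. The log lines are constructed for the example, and the failed-login heuristic (a POST to wp-login.php answered with 200, the re-rendered form, rather than the 302 redirect a successful login produces) is an assumption about default WordPress behaviour. The last part of the sample, a botnet of 30 addresses making three guesses each, illustrates the caveat that a per-address lockout never fires against a widely distributed attack.

```python
"""Sliding-window login-failure lockout, replayed over web server access logs.
Added example; policy values mirror the recommended Wordfence settings."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Recommended policy: lock a source out after 20 failures in 5 minutes, for 1 hour.
FAILURE_THRESHOLD = 20
WINDOW = timedelta(minutes=5)
LOCKOUT = timedelta(hours=1)

# Apache/nginx "combined" log format; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, method, path, status), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FORMAT), m["method"], m["path"], int(m["status"])


def is_failed_login(method, path, status):
    """Assumption (default WordPress): a failed POST to wp-login.php is answered with 200
    (form re-rendered), a successful one with a 302 redirect to wp-admin."""
    return method == "POST" and path.startswith("/wp-login.php") and status == 200


def replay(lines, threshold=FAILURE_THRESHOLD, window=WINDOW, lockout=LOCKOUT):
    """Replay log lines in order and apply the per-address lockout policy.

    Returns (lockouts, blocked, guesses_allowed):
      lockouts        -- {ip: [time each lockout started, ...]}
      blocked         -- {ip: failed attempts that arrived while the ip was locked out}
      guesses_allowed -- failed logins that were NOT blocked, i.e. the attacker's real budget
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    locked_until = {}             # ip -> when the current lockout expires
    lockouts = defaultdict(list)
    blocked = defaultdict(int)
    guesses_allowed = 0

    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path, status = parsed
        if not is_failed_login(method, path, status):
            continue
        if ip in locked_until and ts < locked_until[ip]:
            blocked[ip] += 1      # the lockout would have refused this attempt
            continue
        guesses_allowed += 1
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            locked_until[ip] = ts + lockout
            lockouts[ip].append(ts)
            q.clear()             # counting restarts once the lockout expires
    return dict(lockouts), dict(blocked), guesses_allowed


def make_sample_log():
    """Constructed sample log (not from any real site): one hammering source, one
    legitimate user, and a botnet of 30 addresses that stays under the threshold."""
    base = datetime.strptime("06/Mar/2014:07:30:00 -0800", TS_FORMAT)
    fmt = '{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"'

    def line(ip, offset, method, path, status):
        ts = (base + timedelta(seconds=offset)).strftime(TS_FORMAT)
        return fmt.format(ip=ip, ts=ts, method=method, path=path, status=status)

    lines = [line("198.51.100.7", i, "POST", "/wp-login.php", 200) for i in range(25)]
    for n in range(30):                        # distributed: 3 guesses per address
        for i in range(3):
            lines.append(line(f"203.0.113.{n + 1}", 30 + 6 * n + 2 * i, "POST", "/wp-login.php", 200))
    lines.append(line("192.0.2.10", 195, "GET", "/wp-login.php", 200))    # page load, not a guess
    lines.append(line("192.0.2.10", 200, "POST", "/wp-login.php", 200))   # one typo
    lines.append(line("192.0.2.10", 210, "POST", "/wp-login.php", 302))   # then success
    return lines


if __name__ == "__main__":
    lockouts, blocked, allowed = replay(make_sample_log())
    for ip, starts in lockouts.items():
        print(f"{ip}: locked out at {starts[0].time()}, {blocked.get(ip, 0)} attempts refused")
    print(f"failed logins that got through the lockout policy: {allowed}")
```

Against the sample, only 198.51.100.7 is locked out (at its 20th failure, with the remaining five refused), while the 30 botnet addresses collectively land 90 guesses without ever tripping the threshold. That gap is what the strong-password recommendation closes; on a real site, feed the script your access log in chronological order and treat any source that appears in `lockouts` or that reaches a handful of failures across many addresses as the attack traffic to watch.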