I’m sure you’ve seen the news reports during the last 72+ hours about a “massive” “global” “distributed” brute force attack on WordPress systems.
Brute force attacks are ongoing, and this is simply an increase in frequency. To protect yourself, make sure all default accounts like “admin” have been deleted or renamed and that your passwords are very difficult to guess. A brute-force attack is a relatively unsophisticated attack where one or more remote machines try to guess your password.
The more successful attacks are attacks where a back-door known only to a hacker (a zero day vulnerability) is exploited to gain access to your system without logging in. The Timthumb vulnerability which I discovered and fixed last year is an example of this. I haven’t seen any reports of a new “zero day” vulnerability being exploited in this attack.
The nature of the attack does suggest that a large portion of the brute force attacks currently underway may be originating from an individual or a single group. If successful this will result in a single individual or group having access to a large distributed network of compromised WordPress servers on relatively high bandwidth links. They can then launch further attacks from this platform. However, whether the attacks are being orchestrated by one person or one group should not affect how you protect yourself.
In this case:
1. Make sure your “admin” account has been renamed.
2. Make sure all your passwords are difficult to guess.
3. Make sure you’ve disabled and deleted all unused themes and plugins.
Don’t be alarmed if you see an increased flow of login attempts on your Wordfence live traffic screen (The Logins and Logouts panel). As long as your passwords are hard to guess and you’ve removed the “admin” account, you’ll most likely be just fine. If you’re bored, you can manually block each malicious IP address using Wordfence, or even block the originating Networks. But I’m not doing this on my personal sites because I have strong passwords and no admin account.
Be sure to download wordfence today Wordfence