The past few days, WordPress sites around the world have either witnessed slower load or even downtime. Some may have even been hacked or spammed.
This is because there has been a global attack on sites using WordPress, specifically trying to find your password. This is not an attack on just one web host, but several.
So, what is a brute force attack. Well, a brute force attack according to Wikipedia is:
In cryptography, a brute-force attack, or exhaustive key search, is a cryptanalytic attack that can, in theory, be used against any encrypted data (except for data encrypted in an information-theoretically secure manner).
No worries, here are a few things you can do:
1. Change your password to something a little more complex. Make sure to use both uppercase and lowercase characters, as well as numbers and symbols. The longer the password, the better, but if you wish, no less than 10 characters should be used. Some places recommend 8, but I like to recommend just a little more.
2. Install Better WordPress Security, BulletProof Security, or some people recommend Limit Login Attempts. You may want to install one of the first two plugins instead of the last since Limit Login Attempts only does what the plugin title says it does.
3. If you are a dedicated server client with your web host, ask the host to install a more robust firewall plugin. They may charge, but it will work better than the default firewall program they usually install.
According to HostGator’s blog post on Global WordPress Brute Force Flood, you can ask your web host to password protect the .htaccess files and all WordPress login files. This offer is for their VPS and dedicated server clients. HostGator also provides a way that you can set this yourself with their WordPress Login- Brute Force tutorial in their Support Portal.
If you are having issues of downtime or load time, even though your host is aware of this happening, at least submit a support ticket so they can track this issue.
Have you had this issue? What have you done to combat this brute force attack.