Denial of Service against WordPress Based Sites

We are currently experiencing a Denial of Service (DoS) attack on several of our shared Linux servers. The attack targets any site running WordPress. We have been able to mitigate most of the traffic by implementing a redirect for the WordPress Admin page. During this time, you will not be able to access the WordPress Admin of your site. Once the issue subsides, we will re-enable access for you.

If you have installed WordPress on your site, please take a minute or two to ensure your site is protected against attacks like this one. Here are some basic security tips:

  1. The easiest thing you can do to increase the security of your site is to change both the admin username and password. By default, the administrator login name is set to “admin”, and most brute force scripts have this ID and some basic variations (e.g. administrator, root, test, etc.) hardcoded as the login names they try. Change the username for your administrator account to something obscure.
  2. Make sure your password is strong. You know the drill: more than 8 characters, letters and numbers, no English words, no dates, mixture of capitals and lower case. Consider using a random password generator and a secure password manager to store it so you don’t have to memorize it.
  3. Install a security enhancing plug-in. The core WordPress application lacks some basic security features, such as the ability to limit the number of failed login attempts. Fortunately, you can add functionality like this via some popular plug-ins:
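
Limiting failed login attempts, as tip 3 describes, starts with counting them per client. The script below is an added example, not HostMySite's or any plug-in's code: it scans combined-format access log lines and reports IPs with too many failed wp-login.php POSTs inside a sliding window. It assumes a failed login answers HTTP 200 and a successful one redirects with 302; the function names, threshold and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx "combined" log line: client IP, timestamp, method, path, status.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def failed_login_sources(lines, limit=5, window=timedelta(minutes=5)):
    """Return {ip: peak count} for clients with more than `limit` failed
    wp-login.php POSTs inside any sliding `window`."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    peak = {}
    for line in lines:
        m = LINE.match(line)
        # Assumption: failed login = POST answered with 200 (form shown again).
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        # Match wp-login.php in any directory, ignoring the query string.
        if m["path"].split("?", 1)[0].rsplit("/", 1)[-1] != "wp-login.php":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:     # drop failures older than the window
            q.popleft()
        if len(q) > limit:
            peak[m["ip"]] = max(peak.get(m["ip"], 0), len(q))
    return peak

def _line(ip, hhmmss, method, path, status):
    """Build one constructed combined-format log line."""
    return (f'{ip} - - [01/Jan/2024:{hhmmss} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 1234 "-" "-"')

# Constructed sample log (documentation-range addresses, made-up times).
SAMPLE = (
    [_line("192.0.2.10", f"12:00:{s:02d}", "POST", "/wp-login.php", 200)
     for s in range(0, 40, 5)]                      # 8 failures in 35 seconds
    + [_line("198.51.100.7", "12:01:00", "POST", "/wp-login.php", 200),
       _line("198.51.100.7", "12:01:20", "POST", "/wp-login.php", 302),
       _line("203.0.113.5", "12:02:00", "GET", "/wp-login.php", 200)]
)

if __name__ == "__main__":
    for ip, n in failed_login_sources(SAMPLE).items():
        print(f"{ip}: {n} failed logins within 5 minutes")
```

A single mistyped password followed by a successful login (the second client in the sample) stays below the threshold and is not reported.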

This is currently our top priority, and our Platform Administration Team is working on a more permanent fix.

Please continue to monitor this posting for updates and, as always, if you should have any further questions or concerns, please do not hesitate to contact us.


The HostMySite Blog provides useful news and information for HostMySite Customers