:::::Update 2:00pm Eastern – August 8, 2015:::::
The block has been removed on the wp-login.php pages. You can log in to your WordPress installation properly now.
:::::Update 2:50pm Eastern – August 7, 2015:::::
It has been determined by our team that attacks against users running WordPress is causing these servers to have issue. The attacks are directed towards the WordPress Admin “/wp-admin” directory.
To help us resolve this attack, we have placed a block to the WordPress Admin on these servers until we see the attack subside.
If you currently utilize WordPress, please review the following…
WordPress:
Starting with WordPress 3.7, automatic updates have been turned on and you should utilize this service. It still requires manual intervention to get started.
If you have installed WordPress on your site, please take a minute or two to ensure your site is protected against attacks like this one. Here are some basic security tips:
- Change both the admin username and password: By default, the administrator login name is set to “admin” – and most brute force scripts have this ID and some basic variations (e.g. administrator, root, test, etc…) hardcoded as the IDs they attempt to break into. Change the username for your administrator account to something obscure.
- Have a strong password: You know the drill: more than 8 characters, letters and numbers, no English words, no dates, mixture of capitals and lower case. Consider using a random password generator and a secure password manager to store it so you don’t have to memorize it.
- Install a security enhancing plug-in: The core WordPress application lacks some basic security features, such as the ability to limit the number of failed login attempts. Fortunately, you can add functionality like this via some popular plug-ins:
- Bad Behavior: http://wordpress.org/extend/plugins/bad-behavior/
- Better WP Security: http://wordpress.org/extend/plugins/better-wp-security/
- Limit Log-in Attempts: http://wordpress.org/extend/plugins/limit-login-attempts/
This plug-in will work with the latest versions of WordPress
Another recommendation would be to setup and configure your website to use CloudFlare. This is a free service and not only will it help with any types of brute force attacks to your website, CloudFlare will actually setup your site with their Content Delivery Network (CDN) which will Distribute your content around the world so it’s closer to your visitors (speeding up your site). It takes 5-minutes to setup and is COMPLETELY FREE!
——————————————————————————————————————————————————–
:::::Original Post – 2:28pm Eastern – August 7, 2015:::::
We are currently experiencing performance issues on Linux servers Lin-web09 and Lin-web17. Websites hosted on either of these servers are currently down or experiencing slow load times. If your website uses either of these IP addresses, you are likely affected:
- 204.12.60.153
- 67.59.136.101
Our System Administrators are working to resolve the issues as soon as possible. We appreciate your patience during these outages. Please check this blog post for further updates.
