clock menu more-arrow no yes

Filed under:

Massive botnet using brute force attack to target WordPress sites

New, 55 comments
hacking stock 640
hacking stock 640

A huge network of over 90,000 IP addresses has been targeting WordPress blog installations with a brute force attack, attempting to gain access by using the default "admin" username by trying multiple passwords. Two prominent hosting providers, CloudFlare and HostGator, report that the scale of the current attack is much larger than usual. CloudFlare tells The Next Web that is has blocked 60 million requests in the past hour. HostGator's Sean Valant describes it as a "global attack on WordPress installations across virtually every web host in existence."

The purpose of the attack isn't entirely clear, but as security researcher Brian Krebs reports, currently most of the attacks seem to be sourced from PCs, not servers. The attack seems to install a "backdoor [that] lets the attackers control the site remotely." Those backdoors will presumably be used to some followup attack at a later date, and in theory could cause more damage than a PC-based botnet attack.

If you have a WordPress blog, you're encouraged to strengthen your administrator passwords as a start — Krebs' post links to more tools for securing your blog.