There is a highly distributed global attack on all websites using WordPress at every known web hosting provider. The attacks attempt to hack the admin accounts and inject malicious scripts to the website.
As of today these attacks are happening at a global level. WordPress installations across the globe are being targeted. Because the attacks are highly distributed, most of the IP’s used are spoofed, it is very difficult to block all malicious data, but not impossible. This is why many servers from every hosting providers have gone down in recent days including big names such as Godaddy and Hostgator.
HostGator’s analysis found that this attack is a well organized. The company reports that about 90,000 IP addresses are currently involved. CloudFlare reported the hackers are using about 100,000 bots. Matthew Prince, CloudFlare's founder and CEO, says that his company saw attacks on virtually every WordPress site on its network.
The websites that have been hacked had the “admin” accounts compromised and malicious scripts were uploaded into the directories. The following steps will help secure and protect your websites from these attacks:
- Make sure your WordPress installation and all of your installed plugins are updated
- Make sure your administrator's password is secure
- If you have a user account with the username "admin", create a new administrator account with a different username and remove that old "admin" account
- Install the security plugin WP Better Security
- Other ways of securing a WordPress website can be found here; https://codex.WordPress.org/Hardening_WordPress
These additional steps can be taken to further secure WordPress websites:
- Remove README and license files. This is very important since this exposes version information
- Prevent reading of the htaccess file
- Limit access to wp-admin.php and wp-login.php to your IP address
- Move wp-config.php up one directory and change its permission to 400
The volume of these attacks has been significant enough to attract global attention. This is a good thing. However, even when this attack stops, we all will still be in the sights of the hackers so take this as a warning, secure your WordPress installation now!