
There Is Global Attack On Wordpress Sites - Webmasters - Nairaland


There Is Global Attack On Wordpress Sites by Trut(m): 10:26pm On Apr 12, 2013
As I write this post, there is an ongoing and highly distributed, global attack on WordPress installations to crack open admin accounts and inject various malicious scripts.

To give you a little history, we recently heard from a major law enforcement agency about a massive attack on US financial institutions originating from our servers.

We did a detailed analysis of the attack pattern and found out that most of the attack was originating from CMSs (mostly wordpress). Further analysis revealed that the admin accounts had been compromised (in one form or the other) and malicious scripts were uploaded into the directories.

Today, this attack is happening at a global level and WordPress instances across hosting providers are being targeted. Since the attack is highly distributed in nature (most of the IPs used are spoofed), it is making it difficult for us to block all malicious data.

To ensure that your customers’ websites are secure and safeguarded from this attack, we recommend the following steps:

1. Update and upgrade your wordpress installation and all installed plugins
2. Install the security plugin listed here: http://wordpress.org/extend/plugins/better-wp-security/
3. Ensure that your admin password is secure and preferably randomly generated
4. Other ways of Hardening a WordPress installation are shared at http://codex.wordpress.org/Hardening_WordPress

These additional steps can be taken to further secure wordpress websites:

1. Disable DROP command for the DB_USER. This is never commonly needed for any purpose in a wordpress setup
2. Remove README and license files (important) since this exposes version information
3. Move wp-config.php to one directory level up, and change its permission to 400
4. Prevent world reading of the htaccess file
5. Restrict access to wp-admin only to specific IPs
6. A few more plugins – wp-security-scan, wordpress-firewall, ms-user-management, wp-maintenance-mode, ultimate-security-scanner, wordfence, http://wordpress.org/extend/plugins/better-wp-security/. These may help in several occasions

Also, we recommend using Cloudflare, which is available free with all our cPanel accounts, to prevent the attack from affecting the functionality of your site.

Source: http://www.gossimer.com/announcements/8/Global-Attack-on-WordPress-Sites.html
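
An audit script for the file-level steps listed in the post above (README and license files, wp-config.php location and mode, .htaccess permissions, wp-admin IP restriction), added here as an example and not part of the original post or the host's announcement. It assumes Apache with the wp-admin allowlist kept in wp-admin/.htaccess; the function name `audit_wp` is made up for this example.

```shell
#!/bin/sh
# Added example: check a WordPress docroot against the file-level hardening steps.
# Prints one FINDING line per gap, then "findings=N". Always returns 0.
audit_wp() {
    root=$1
    n=0
    finding() { printf 'FINDING: %s\n' "$1"; n=$((n + 1)); }

    # readme.html and license.txt are the stock WordPress README/license files.
    for f in readme.html license.txt; do
        if [ -e "$root/$f" ]; then finding "$f is present in the docroot"; fi
    done

    # wp-config.php should sit one directory above the docroot with mode 400.
    if [ -e "$root/wp-config.php" ]; then
        finding "wp-config.php is still inside the docroot"
        cfg=$root/wp-config.php
    else
        cfg=$root/../wp-config.php
    fi
    if [ ! -e "$cfg" ]; then
        finding "wp-config.php not found in or above the docroot"
    elif [ -z "$(find "$cfg" -prune -perm 400)" ]; then
        finding "wp-config.php mode is not 400"
    fi

    # .htaccess must not carry the world-read bit (o+r).
    if [ -n "$(find "$root/.htaccess" -prune -perm -004 2>/dev/null)" ]; then
        finding ".htaccess is world-readable"
    fi

    # Assumption: Apache, with the allowlist in wp-admin/.htaccess
    # ("Allow from" on 2.2, "Require ip" on 2.4).
    if ! grep -Eqi '^[[:space:]]*(Require ip|Allow from)[[:space:]]' \
            "$root/wp-admin/.htaccess" 2>/dev/null; then
        finding "no IP allowlist rule found in wp-admin/.htaccess"
    fi

    printf 'findings=%d\n' "$n"
}

# Usage: sh audit_wp.sh /path/to/docroot
if [ "$#" -gt 0 ]; then audit_wp "$1"; fi
```
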
Re: There Is Global Attack On Wordpress Sites by Toonfreak(m): 10:45pm On Apr 12, 2013
I heard dt too! How can i locate ma meta key 4 verifying ma wordpress blog? I have tried d webmaster tool, but just can't find it. What if i failed 2 verify it, does it affect ma blog?
Re: There Is Global Attack On Wordpress Sites by mededot(m): 10:49pm On Apr 12, 2013
Thanks for the heads up! Trut
Re: There Is Global Attack On Wordpress Sites by Nobody: 12:29am On Apr 13, 2013
@OP that would be a DDOS,
Thanks for sharing.
Re: There Is Global Attack On Wordpress Sites by AFOLSNETWORKS(m): 12:48am On Apr 13, 2013
I pray this does not affect the one and only website I have on wordpress.
Re: There Is Global Attack On Wordpress Sites by Trut(m): 7:48am On Apr 13, 2013
AFOLSNETWORKS: I pray this does not affect the one and only website I have on wordpress.

Take the security STEPs outlined, it will help.
Re: There Is Global Attack On Wordpress Sites by mededot(m): 12:26pm On Apr 14, 2013
Well, thanks again for this heads-up... I have almost 30 websites built with wordpress and I wasted no time improving the security of the very important ones!

Thankfully, the plugin mentioned: better wp security is a real blessing and I utilised a lot of the features!

I just got a notification now of how one of my less important sites was trying to be hacked! Check it out:

A host, 37.57.25.225 (you can check the host at http://ip-adress.com/ip_tracer/37.57.25.225) has been locked out of the WordPress site at http://ayodejiagboola.com until Sunday, April 14th, 2013 at 11:50:46 am UTC due to too many login attempts. You may login to the site to manually release the lock if necessary.

So this is for real guys!
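
The lockout quoted above counts attempts per address, while the first post describes an attack spread over many addresses. The added example below (not from any poster or from the plugin) counts failed wp-login.php POSTs in an Apache combined-format access log both per address and in total; the log lines are constructed, and it relies on WordPress answering a failed login with HTTP 200 and a successful one with a 302 redirect.

```shell
#!/bin/sh
# Added example: per-address vs. aggregate view of failed WordPress logins.
# Reads a combined-format access log on stdin; $1 is the per-address limit.
wp_login_summary() {
    awk -v limit="$1" '
        # Failed login: POST to wp-login.php answered with 200 (form re-rendered).
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 {
            fails[$1]++; total++
        }
        END {
            for (ip in fails) {
                ips++
                if (fails[ip] >= limit) print "LOCKOUT", ip, fails[ip]
            }
            # The aggregate line shows what per-address counting does not.
            print "TOTAL", total + 0, "failed logins from", ips + 0, "addresses"
        }'
}

# Constructed sample: one noisy address, four addresses with a single
# attempt each, plus a successful login (302) and a plain page view.
sample_log() {
cat <<'EOF'
203.0.113.9 - - [14/Apr/2013:11:40:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.9 - - [14/Apr/2013:11:40:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.9 - - [14/Apr/2013:11:40:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.21 - - [14/Apr/2013:11:41:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.22 - - [14/Apr/2013:11:41:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.23 - - [14/Apr/2013:11:41:12 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.24 - - [14/Apr/2013:11:41:13 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
192.0.2.10 - - [14/Apr/2013:11:45:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2950 "-" "Mozilla/5.0"
192.0.2.10 - - [14/Apr/2013:11:45:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
EOF
}

sample_log | wp_login_summary 3
```

With a limit of 3 only one address is flagged, yet more than half of the failed logins in the sample come from addresses that never reach the limit.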
Re: There Is Global Attack On Wordpress Sites by UncleJJ(m): 4:35am On Apr 15, 2013
mededot: Well, thanks again for this heads-up... I have almost 30 websites built with wordpress and I wasted no time improving the security of the very important ones!

Thankfully, the plugin mentioned: better wp security is a real blessing and I utilised a lot of the features!

I just got a notification now of how one of my less important sites was trying to be hacked! Check it out:

A host, 37.57.25.225 (you can check the host at http://ip-adress.com/ip_tracer/37.57.25.225) has been locked out of the WordPress site at http://ayodejiagboola.com until Sunday, April 14th, 2013 at 11:50:46 am UTC due to too many login attempts. You may login to the site to manually release the lock if necessary.

So this is for real guys!
grin
Re: There Is Global Attack On Wordpress Sites by Trut(m): 9:12am On Apr 15, 2013
@ MOD. please move this thread to front page, a lot of people need to read and take the security steps.
Re: There Is Global Attack On Wordpress Sites by rufaai(m): 9:35am On Apr 15, 2013
I wrote about this on GigaLayer too:
http://blog.gigalayer.com/post/47790939048/wordpress-hacking-10-steps-to-stay-protected-like-a-pro

It's very crucial to keep your installation protected.
Re: There Is Global Attack On Wordpress Sites by phpNET(m): 9:05pm On Apr 15, 2013
Thanks bro for sharing!
Re: There Is Global Attack On Wordpress Sites by Dmayor7(m): 11:11am On Dec 17, 2014
I also noticed that in my newly opened wordpress site...... Too many login attempts by different IPs and usernames.....they were trying to login in to my admin but could not.....for several days they were doing this.

Do you know what I did, I laughed and deleted the wordpress since nothing much is there...... I changed host servers, reinstalled wordpress and reinforced it with strong security plugins.....

Since then i am good to go....
Re: There Is Global Attack On Wordpress Sites by Nobody: 12:58pm On Dec 17, 2014
Dmayor7:
I also noticed that in my newly opened wordpress site...... Too many login attempts by different IPs and usernames.....they were trying to login in to my admin but could not.....for several days they were doing this.

Do you know what I did, I laughed and deleted the wordpress since nothing much is there...... I changed host servers, reinstalled wordpress and reinforced it with strong security plugins.....

Since then i am good to go....

Friday, April 12, 2013 undecided
Re: There Is Global Attack On Wordpress Sites by sunnedee2: 2:44pm On Dec 17, 2014
I wrote a blog post here on how to prevent your WordPress website from being hacked here.

Please read and implement and you should be safe. Once again click here to read and implement. 7 ways to prevent Your WordPress website from being hacked
Re: There Is Global Attack On Wordpress Sites by sunnedee2: 2:46pm On Dec 17, 2014
Nathan2222:


Friday, April 12, 2013 undecided

Tricked me too. grin grin grin
