Major brute force attack against WP and Joomla sites

A botnet is still actively attacking WordPress and Joomla sites, and probably more. It was extremely strong over the last week, and you have most likely seen a huge increase in blocked logins. If you have not, there is probably something wrong.

Irish web hosting provider Spiral Hosting emailed its clients to advise them of the brute force login attacks.

“There is currently a large scale brute force attack coming from a large amount of IP addresses spread across the world,” Peter Armstrong, managing director of Spiral Hosting, explained.

“A large botnet has been attempting to break into WordPress websites by continually trying to guess the username and password to get into the WordPress admin dashboard. This is affecting almost every major web hosting company around the world. Our Network Operations Centre (NOC) has detected a significant increase in botnet activity in the last 24 hours.”

But be aware: simply blocking IP addresses doesn’t help against a botnet with more than 90,000 IP addresses.
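The sketch below is an added example, not part of the original article. It shows why a per-IP attempt limit sees nothing when each bot guesses only a couple of times, while a site-wide count of login POSTs per minute does. The log format (Apache combined), the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

LOGIN_PATHS = {"/wp-login.php", "/administrator/index.php"}  # WordPress, Joomla
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def login_posts(lines):
    """Yield (ip, minute) for every POST to a login endpoint."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, url, _status = m.groups()
        if method == "POST" and url.split("?", 1)[0] in LOGIN_PATHS:
            yield ip, ts[:17]  # "13/Apr/2013:10:15" -> one-minute bucket

def per_ip_offenders(lines, max_per_ip=5):
    """What a per-IP lockout sees: sources over the (assumed) attempt limit."""
    counts = Counter(ip for ip, _ in login_posts(lines))
    return {ip for ip, n in counts.items() if n > max_per_ip}

def distributed_bursts(lines, max_per_minute=100, min_sources=50):
    """Site-wide view: minutes with many login POSTs from many distinct IPs.
    Both thresholds are assumed values; tune them to normal traffic."""
    total, sources = Counter(), defaultdict(set)
    for ip, minute in login_posts(lines):
        total[minute] += 1
        sources[minute].add(ip)
    return {m: (total[m], len(sources[m])) for m in total
            if total[m] > max_per_minute and len(sources[m]) >= min_sources}

def constructed_sample(bots=300, attempts_each=2):
    """Constructed log lines (not real traffic): each bot IP tries only twice."""
    fmt = '{ip} - - [13/Apr/2013:10:15:{s:02d} +0000] "{req} HTTP/1.1" {st} 512'
    lines = [fmt.format(ip="192.0.2.10", s=1, req="GET /", st=200),
             fmt.format(ip="192.0.2.10", s=5, req="POST /wp-login.php", st=302)]
    for i in range(bots):
        ip = f"10.{i // 250}.{i % 250}.7"  # 300 distinct constructed sources
        for a in range(attempts_each):
            lines.append(fmt.format(ip=ip, s=(i + a) % 60,
                                    req="POST /wp-login.php", st=200))
    return lines

if __name__ == "__main__":
    sample = constructed_sample()
    print("per-IP offenders:", per_ip_offenders(sample))
    print("distributed bursts:", distributed_bursts(sample))
```

On the constructed sample the per-IP check returns an empty set, while the per-minute view reports 601 login POSTs from 301 sources in a single minute.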

If you use Limit Login Attempts, the plugin that comes with the default WP install, it stores the IPs in a serialized option that has to be unserialized on each request. This is very expensive and slow, and could cause your site to become unresponsive.

Find a plugin that uses a separate database table, or block the IP addresses in your .htaccess.

There are some WP plugins that can help. Either do your due diligence research or simply contact us for our recommendations.