Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

WordPress Under Siege by 90,000 Servers

By ThreatMetrix
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches.
Follow ThreatMetrix ThreatMetrix's Most Recent Posts:

Have bloggers using WordPress become more surly lately? We can’t answer that. But, if they did, they’d have good reason. A study by one security company says in the last few months WordPress customer login pages have been having “issues” in the form of 30 to 40,000 attacks per day. “In April 2013, (the number of attacks) increased to 77,000 per day on average, reaching more than 100,000 attempts per day in the last few days,” says Web-hosting company, IXWebHosting.

Now it appears a botnet with more than 90,000 servers has been attempting to log in by cycling through different usernames and passwords. Mohit Kumar, Founder and Editor-in-Chief of, observes that the attacks have had an impact on Linux servers. Addressing the issue, hosting administrators have blocked all connections to wp-login.php.

Hostgator tells its customers, “At this moment, we highly recommend you log into any WordPress installation you have and change the password to something that meets the security requirements specified on the WordPress website. These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including ‘special’ characters (^%$#&@*).”

Spiral Hosting issued this notice, “A large botnet has been attempting to break into WordPress websites by continually trying to guess the username and password to get into the WordPress admin dashboard. This is affecting almost every major web hosting company around the world. Our Network Operations Centre (NOC) has detected a significant increase in botnet activity in the last 24 hours.”

Kumar’s article contains two pieces of advice. One is that users should utilize .htaccess to protect their admin area and rename login pages. The second is to stay tuned to Twitter and Facebook WordPress pages for more information.

By ThreatMetrix Posted