Note: This article was originally published in 2013. Some steps, commands, or software versions may have changed. Check the current WordPress documentation for the latest information.
Global Attack on WordPress Sites (http://blog.resellerclub.com/2013/04/12/global-attack-on-wordpress-sites/)
I've been rather busy but I thought I would share this. I received an email from our web hosting provider indicating that there is a global distributed attack that aims at compromising WordPress and other content management system installations in order to orchestrate attacks remotely. I am sharing the original message below so you can take the appropriate precautions to secure your site and understand the importance of keeping your blog up to date with the latest bug fixes and patches. I should also point out this risk is very real. After monitoring my site, I can see I am also being targeted by these random distributed attacks. Keep in mind they are automated random attacks, so even if you are the least popular and/or important blog out there, if they find your URL they will try to hack you (period). This just goes to show we should take cyber security more seriously on a global scale, which is something at least I and most people I know do not.
As I write this post, there is an ongoing and highly distributed, global attack on WordPress installations to crack open admin accounts and inject various malicious scripts. To give you a little history, we recently heard from a major law enforcement agency about a massive attack on US financial institutions originating from our servers. We did a detailed analysis of the attack pattern and found out that most of the attack was originating from CMSs (mostly WordPress). Further analysis revealed that the admin accounts had been compromised (in one form or the other) and malicious scripts were uploaded into the directories. Today, this attack is happening at a global level and WordPress instances across hosting providers are being targeted. Since the attack is highly distributed in nature (most of the IPs used are spoofed), it is making it difficult for us to block all malicious data. To ensure that your customers’ websites are secure and safeguarded from this attack, we recommend the following steps:
- Update and upgrade your WordPress installation and all installed plugins
- Install the security plugin listed (http://wordpress.org/extend/plugins/better-wp-security/)
- Ensure that your admin password is secure and preferably randomly generated
- Other ways of Hardening a WordPress installation are shared at http://codex.wordpress.org/Hardening_WordPress
These additional steps can be taken to further secure WordPress websites:
- Disable the DROP command for the DB_USER. This is never commonly needed for any purpose in a WordPress setup
- Remove README and license files (important) since this exposes version information
- Move wp-config.php to one directory level up, and change its permission to 400
- Prevent world reading of the .htaccess
- Restrict access to wp-admin only to specific IPs
- A few more plugins – WP Security Scan (http://semperfiwebdesign.com/plugins/wp-security-scan/), wordpress-firewall, ms-user-management, wp-maintenance-mode, ultimate-security-scanner, wordfence, better-wp-security (http://wordpress.org/extend/plugins/better-wp-security/). These may help on several occasions
Also, we recommend using CloudFlare (http://www.cloudflare.com), which is available free with all our cPanel accounts, to prevent the attack from affecting the functionality of your site.
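The file-level items in the checklist above (README and license files, wp-config.php location and mode, .htaccess readability) can be verified with a short audit script. This is an added example, not part of the hosting provider's message or the original post; it assumes WordPress's default file names readme.html and license.txt, and `make_sample` builds a constructed directory tree (with a hypothetical `public_html` web root) for demonstration.

```shell
#!/bin/sh
# Added example: audits the file-level checklist items for one WordPress root.
# Assumes WordPress's default file names readme.html and license.txt.

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# wp_audit WP_ROOT: prints one "FINDING:" line per problem; returns 0 only if clean.
# The body is a subshell so its variables do not leak into the caller.
wp_audit() (
    root=${1%/}; findings=0
    report() { echo "FINDING: $1"; findings=$((findings + 1)); }
    # README and license files expose version information.
    for f in readme.html license.txt; do
        if [ -e "$root/$f" ]; then report "$f is present in the web root"; fi
    done
    # wp-config.php belongs one directory above the web root, mode 400.
    cfg="$root/../wp-config.php"
    if [ -e "$root/wp-config.php" ]; then
        cfg="$root/wp-config.php"
        report "wp-config.php is still inside the web root"
    fi
    if [ -e "$cfg" ]; then
        mode=$(file_mode "$cfg")
        [ "$mode" = 400 ] || report "wp-config.php mode is $mode, expected 400"
    else
        report "wp-config.php not found in or above the web root"
    fi
    # .htaccess must not be world-readable: test the read bit of the last octal digit.
    if [ -e "$root/.htaccess" ]; then
        mode=$(file_mode "$root/.htaccess")
        other=${mode#"${mode%?}"}
        [ $(( ${other:-0} & 4 )) -eq 0 ] || report ".htaccess is world-readable (mode $mode)"
    fi
    [ "$findings" -eq 0 ]
)

# Constructed sample tree (not a real site): an unhardened layout; prints its web root.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/public_html" || return 1
    touch "$d/public_html/readme.html" "$d/public_html/license.txt" \
          "$d/public_html/wp-config.php" "$d/public_html/.htaccess"
    chmod 644 "$d/public_html/wp-config.php" "$d/public_html/.htaccess"
    echo "$d/public_html"
}

# Usage: sh wp_audit.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then wp_audit "$1"; fi
```

The DROP privilege and the wp-admin IP restriction live in the database grants and the web server configuration, so they are outside what this file check covers.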