Since yesterday morning, Lunarpages’ internal monitoring systems reported that WordPress users were subject to an unusually high number of attacks. Brute force attacks occur through exploited accounts at other hosting companies. The attacks are attempts to find users that have weak passwords and outdated installations. Once the attacker has found a WordPress account with a weak password, it’s used to gain access to the administration panel. Outdated versions of WordPress scripts are exploited and used to attack other hosting companies. Lunarpages has implemented additional security tools and is carefully monitoring traffic. However, the best form of protection against these attacks begins at the customer level. A tutorial for securing your WordPress is posted at http://www.lpwebhosting.com/blog/bulletproofing-your-wordpress-site-against-a-brute-force-attack
This particular attack is focused on WordPress users. It’s important to note that the attacks could just as easily be focused on any application. The reports are not limited to our network. Reports from all of the major hosting companies confirm that this is a wide spread situation.
Please feel free to contact us with any concerns or issues you might have.
Lunarpages Administration Team