Update 4/11/13 at 6:30pm EST:
At this time we are still working to fight against the brute-force attacks on WordPress sites. We want to clarify that this is not an issue exclusive to our hosting platform or even vDeck. The hackers have targeted WordPress sites hosted across a multitude of brands, and we are working alongside other partners in the industry to determine how we can resolve the issues we’re all facing. As we continue to focus all of our energy on the attack, we apologize for any additional delays with our support response-times. We can assure you that our staff is working overtime to eliminate the threat while keeping up with as many support tickets as possible. We take pride in delivering reliable and solid support, so again, we apologize to any and all of our customers who may be affected by this delay. We appreciate your patience and understanding.
Our team became aware of a potential brute-force attack on the default WordPress admin login page. A brute-force attack occurs when a third party attempts to access a system by repeatedly trying multiple combinations of passwords across a variety of usernames. Typically, this occurs to gain access to account data and obtain personal information for potentially malicious purposes.
Upon first noticing this activity, our team (who monitors system status 24×7) quickly enabled various filters aimed at preventing any further malicious activity. The filters accomplish this goal by establishing a secure firewall surrounding the third party’s IP address. Our team has been working tirelessly around the clock since the initial impact of this attack to mitigate any repeat activity by putting additional preventative measures in place.
What can I do?
At the moment, you may be experiencing service interruptions when attempting to log in to your WordPress account. As mentioned previously, third parties use these brute-force attack attempts to obtain user data by taking advantage of weak passwords. In turn, the frequency of these repeated login attempts can cause server slowness, and possibly, an inaccessible admin panel. Your ongoing patience as our team finalizes the troubleshooting process is the best course of action, and is greatly appreciated.
At the moment, we have restored login functionality for a majority of our WordPress users. Since the brute-force attack attempt was made using WordPress login information, we strongly recommend that all WordPress users update their WordPress login password to something more secure. Per WordPress’ recommendation, suggestions for a strong password include:
- Make passwords at least eight characters in length
- Use a mixture of upper and lower-case letters (since passwords are case-sensitive)
- Include numbers and punctuation (such as $, &, !, etc.) added in between any letters being used
Having a strong password in place helps to protect against future brute-force attack attempts, and has the added benefit of significantly reducing the chances of malware being installed on your website or on our system.
If you are unable to access your WordPress admin panel at this time, please remain patient as our team continues to troubleshoot this issue. We will continue to keep you updated in a timely manner regarding the resolution of this issue. However, please feel free to contact support at any time with additional questions or concerns about this occurrence, about your account, or about your online presence in general. We are available 24 hours a day, 7 days a week, and are dedicated to keeping you online and your website safe.