Alert! Wordfence has detected an active attack on WordPress sites

Written by Tyler Jacobson on February 10, 2014

What’s happening?

Wordfence sent out an email this morning, warning WordPress users of a detected distributed brute force attack on WordPress sites.

What do you need to do?

Make sure that you have added your site to CloudFlare. You can do this right now and for free by logging into your cPanel, clicking on the CloudFlare icon and activating it for each site that you have with MacHighway, especially WordPress sites. (Note: If you have a dedicated SSL on your site, you will need to subscribe to the premium CloudFlare service in order for this to work.)

You will also want to make sure that you have the Wordfence plugin set up and activated on your WordPress site. Once it has been added and activated, go to Wordfence > Options and make sure the option “Participate in the real-time Wordfence security network” is ticked.

Ensure that your installation(s) of WordPress, as well as all plugins and themes, are up to date. Instructions for doing that can be found here: https://customers.machighway.com/knowledgebase.php?action=displayarticle&id=385

More information:

The full message from Wordfence is below:

Dear WordPress Publisher,

As of 11am eastern time this morning we are monitoring the largest distributed brute force attack on WordPress installations that we’ve seen to date. The real-time attack map on www.wordfence.com became so busy that we’ve had to throttle the amount of traffic we show down to 4% of actual traffic.

A brute force attack is when an attacker tries many times to guess your username password combination by repeatedly sending login attempts. A distributed brute force attack is when an attacker uses a large number of machines spread around the internet to do this in order to circumvent any blocking mechanisms you have in place.

If you’re using the free or paid version of Wordfence you should have the option to “Participate in the real-time Wordfence security network” under ‘Other options’ enabled. This will immediately block any attack originating from an IP address that has attacked other WordPress sites using Wordfence. This is an effective defense against this kind of attack.

We recommend that until this passes you monitor your WordPress websites closely for unusual activity including logins, account creation or changes to the public facing website.
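For the login monitoring recommended above, the following is an added example (not part of the Wordfence message or the original post) showing why a per-IP limit misses a distributed attack while a site-wide count per minute catches it. The combined log format, the thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumed input: Apache/nginx "combined" access log lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
)

def login_posts(lines):
    """Yield (minute, ip) for every POST to wp-login.php."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?")[0].endswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield ts.replace(second=0), m["ip"]

def analyze(lines, per_ip_limit=5, site_limit=20, min_sources=10):
    """Return (noisy_ips, waves). Thresholds are illustrative, not tuned values."""
    per_minute = defaultdict(Counter)
    for minute, ip in login_posts(lines):
        per_minute[minute][ip] += 1
    # Classic brute force: one address exceeds the per-IP limit within a minute.
    noisy_ips = sorted({ip for c in per_minute.values()
                        for ip, n in c.items() if n > per_ip_limit})
    # Distributed: many addresses, each under the limit, but a high site-wide total.
    waves = sorted((minute, sum(c.values()), len(c))
                   for minute, c in per_minute.items()
                   if sum(c.values()) > site_limit and len(c) >= min_sources)
    return noisy_ips, waves

def constructed_sample():
    """Constructed log lines using documentation IP ranges (RFC 5737)."""
    fmt = '{ip} - - [10/Feb/2014:11:{mm:02d}:{ss:02d} -0500] "{req} HTTP/1.1" 200 1234'
    post = "POST /wp-login.php"
    # One address sending 8 login attempts in a single minute.
    lines = [fmt.format(ip="203.0.113.7", mm=0, ss=s, req=post) for s in range(8)]
    # Thirty addresses sending one attempt each in another minute.
    lines += [fmt.format(ip=f"198.51.100.{i}", mm=5, ss=i, req=post) for i in range(1, 31)]
    # An ordinary page view of the login form, which must not be counted.
    lines.append(fmt.format(ip="192.0.2.10", mm=5, ss=40, req="GET /wp-login.php"))
    return lines

if __name__ == "__main__":
    noisy, waves = analyze(constructed_sample())
    print("per-IP limit exceeded by:", noisy)
    for minute, attempts, sources in waves:
        print(f"{minute.isoformat()}: {attempts} login POSTs from {sources} addresses")
```

On the constructed sample, the single noisy address is the only one a per-IP rule would block; the thirty one-attempt addresses show up only in the site-wide count.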