Status Update: Global WordPress Attacks
The global attacks on WordPress sites (and now other sites as well) are still ongoing, although most web hosts and security services such as CloudFlare have significantly mitigated the WordPress attacks themselves through a combination of techniques designed specifically to combat this particular and unusually effective attack.
CloudFlare CEO Matthew Prince said, "the botnet has the power to test as many as 2 billion passwords in an hour."
That is a lot of passwords, and unfortunately most people have very easily guessable passwords, like "password" and "123456".
The first thing you should do is get a better password:
The above site will generate a password of 29 characters with upper- and lowercase characters, numbers, and special characters. Hint: Drag the link above to your "Bookmarks bar" for one-click access to a simple secure password generator.
If you need a place to store this password, download KeePassX and use the tips in my original article on the WordPress brute-force attacks to create a memorable but still difficult password to unlock KeePassX with. This way you only have to remember one strong password, and you can store a new randomly generated password for each of your accounts. The nice thing about KeePassX is that you can also (and should) set the passwords to "expire" after a certain time: set it to 1 month or less right now, especially if your site has been hacked or you found malware on your computer. The program will remind you to change the password, but it will not change it for you.
If you have any WordPress sites, please be sure you have followed the guide: how to respond to the WordPress attacks.
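What a generator of this kind does, and how a 29-character result compares with "123456" at the quoted 2 billion guesses per hour, as an added example (not the linked site's code or the author's). The 94-character printable ASCII alphabet and all function names are assumptions.

```python
import math
import secrets
import string

# The four character classes the post names: upper, lower, digits, special.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)          # 94 printable ASCII characters (assumed)
GUESSES_PER_HOUR = 2_000_000_000     # botnet rate quoted in the post


def generate_password(length=29):
    """Return a random password that contains every character class."""
    if length < len(CLASSES):
        raise ValueError("length cannot cover all character classes")
    while True:
        # secrets uses the OS CSPRNG; the random module is predictable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejecting and redrawing keeps every valid password equally likely,
        # unlike forcing one character of each class into fixed positions.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Approximate entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


def hours_to_exhaust(length, alphabet_size=len(ALPHABET)):
    """Hours needed to try every candidate at the quoted guessing rate."""
    return alphabet_size ** length / GUESSES_PER_HOUR


if __name__ == "__main__":
    print("generated:", generate_password())
    print(f"entropy: {entropy_bits(29):.0f} bits")
    # Every 6-digit numeric password, "123456" included: under two seconds.
    print(f"6 digits: {hours_to_exhaust(6, 10) * 3600:.1f} s")
    print(f"29 chars: {hours_to_exhaust(29):.2e} hours")
```

The exhaustive-search figure is an upper bound on attacker effort: dictionary words and reused passwords fall far sooner because they are tried first.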
Peter Stolmar is a Linux Systems Administrator specializing in system security including fixing hacked websites, defending against large scale attacks, and educating users on the importance of "thinking secure".