Protect your WordPress Website from DDoS Attacks
For any clients/readers who have WordPress sites elsewhere on shared hosting…
The hosting world is currently seeing a large scale DDoS attack that seems to be aimed specifically at WordPress Sites on shared hosting (at present those on non shared hosting do not appear to be being targeted). The attack hits the wp-login.php and bombards it with the ‘Admin’ username and repeatedly attempts to break the password.
For any of our blog followers on shared hosting, have a look at this login attempt limiting plugin to help mitigate the DDOS attacks.
Check that your ‘Admin’ password is something random, rather than a word – eg “tCTNRZGr8Ci8DeLdRG”. You can click here for a guide to changing your Wordpress password even if you cannot remember it.
Also it will be worth making sure you are running the most up to date version (3.5.1) of WordPress (there will be a banner across the top of your admin control panel if you are not).
Nimbus will be closely monitoring the situation to make sure that the attack does not start hitting non shared platforms. If you have a WordPress site on your hosting with Nimbus, it is always worth making sure you use secure admin passwords and keep the software up to date.