
Admin password spells trouble in recent WordPress attacks

posted on April 15, 2013
by l33tdawg

Sources from several Web hosting services this week raised an all-out alert: WordPress was under attack, with at least 90,000 IP addresses involved in brute-forcing the credentials of WordPress sites. The attacks, they said, are worrying because of their unusually large scale, which has been described as "superbotnet" level. Hosting providers detecting the attacks include CloudFlare and HostGator. "The attacker is brute force attacking the WordPress administrative portals, using the username 'admin' and trying thousands of passwords," Matthew Prince, CEO of CloudFlare, said in an April 11 blog posting.

Such attacks can result in the commandeering of servers that run the WordPress blogging application. Might the attackers be in the process of building a strong, destructive botnet of infected computers? Prince added in his blog, "One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack."

The well-organized, distributed attacks try to brute-force the administrative portals of WordPress servers, employing the username "admin" and 1,000 or so common passwords. At least 90,000 IP addresses hit WordPress machines hosted by one hosting provider. "We have seen over 90,000 IP addresses involved in this attack," wrote Sean Valant of HostGator, in his April 11 blog posting. After the main force of the attack, there were signs that it had died off, but it then picked up again, he added.
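Because the guesses are spread over tens of thousands of addresses, a per-IP failure limit alone can miss this pattern; counting distinct sources per targeted username catches it. The sketch below is an added example, not code from the article or from either hosting provider, and it assumes a hypothetical `timestamp ip username result` login-event format, constructed sample data and illustrative thresholds.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FMT = "%Y-%m-%dT%H:%M:%S"

def sample_events():
    """Constructed data: 60 sources, 2 failed 'admin' logins each, plus one normal user."""
    start = datetime(2013, 4, 11, 12, 0, 0)
    lines = []
    for i in range(60):
        for k in range(2):
            ts = start + timedelta(seconds=4 * i + 120 * k)
            lines.append(f"{ts.strftime(FMT)} 198.51.100.{i + 1} admin FAIL")
    lines += [
        "2013-04-11T12:01:00 203.0.113.7 editor FAIL",
        "2013-04-11T12:01:10 203.0.113.7 editor FAIL",
        "2013-04-11T12:01:20 203.0.113.7 editor OK",
    ]
    return sorted(lines)  # ISO timestamps sort chronologically as strings

def parse(line):
    ts, ip, user, result = line.split()
    return datetime.strptime(ts, FMT), ip, user, result

def detect(lines, window=timedelta(minutes=5), per_ip_limit=5, distinct_ip_limit=20):
    """Return (ips over the per-IP limit, usernames failed from many distinct IPs).

    Expects events in chronological order. Thresholds are illustrative assumptions.
    """
    by_ip = defaultdict(deque)    # ip -> timestamps of recent failures
    by_user = defaultdict(deque)  # username -> (timestamp, ip) of recent failures
    noisy_ips, targeted_users = set(), set()
    for line in lines:
        ts, ip, user, result = parse(line)
        if result != "FAIL":
            continue
        q = by_ip[ip]
        q.append(ts)
        while ts - q[0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) > per_ip_limit:
            noisy_ips.add(ip)
        u = by_user[user]
        u.append((ts, ip))
        while ts - u[0][0] > window:
            u.popleft()
        if len({src for _, src in u}) >= distinct_ip_limit:
            targeted_users.add(user)
    return noisy_ips, targeted_users

if __name__ == "__main__":
    print(detect(sample_events()))
```

On the constructed data no single address exceeds the per-IP limit, yet `admin` is flagged because its failures come from 60 different sources inside the window.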


Copyright © 2018 Hack In The Box. All rights reserved.
