Global WordPress Installation Brute Force Attack Well folks, this is not good news for WordPress enthusiasts worldwide! As I am writing this article there is currently a large scale, well organized, global attack on WordPress websites across a wide variety of website hosts. The attack appears to be highly organized and security providers have detected over 90,000 different IP addresses involved in the ongoing assault.

Our best advice is that you log into your WordPress installation and change all administrator passwords to something that meets recommended WordPress security standards. These standards are typical of any secure password’s: both uppercase and lowercase letters, a minimum of eight characters long and including special characters such as @#$%%. I also highly recommend that you change your WordPress username from “Admin” to a more secure personal username.

At this point in time, authorities do not know who is behind the current onslaught of attacks but are tracing the IP addresses in an attempt to locate the source. This attack began slowly last week, then died off before picking back up yesterday morning. The symptoms that your site has been attacked are a very slow backend on your WordPress website, or a complete inability to log in. In some cases your site could even intermittently go down completely for short periods.

If you want to add an additional layer of security there are several WordPress security plugin’s on the market that I highly recommend. Here is the short list of the recommended plugins.


  • #1 – Bulletproof Security – Download
  • #2 – Better WP Security – Download
  • #3 – Wordfence Security – Download


Adding one of the above plugins will greatly risk your vulnerability to attack, but as always, it is great to have a complete backup of your website!