Friday, May 5, 2017
A botnet has run attacks on WordPress websites, focused on WordPress login page, over the past few months. It uses the default username "admin" and a list of common passwords, in an attempt to access WordPress installations.
To stop these attacks, we have taken various measures in recent months. However, this botnet is constantly updated with new techniques. This makes it increasingly difficult to block the attacks. Our servers are heavily burdened by a so-called "brute force" attack. Because thousands of WordPress sites are attacked consecutively, we found a lot of instability on our hosting platform. This was a reason for us to use additional security measures. These contribute to additional security for your website and they also provide less tax on our hosting platform. This will load your website faster.
Starting today, you will see an additional security screen when you visit the WordPress admin, namely a "captcha" security. Once you've clicked "I'm not a robot", you'll be linked to the regular WordPress screen, where you can log in to your Wordpress control panel.
We also recommend changing your username and password immediately and not using a common username such as "admin".
At this time, we are unable to disable this security by website. Security would then be useless, because a single brute force attack does the same as on any website at the same time.
If you experience inconvenience then please apologize. Unfortunately, this measure is necessary because almost every WordPress website is currently facing these attacks. We could tackle this in the beginning by blocking IPs after a number of incorrect login attempts, but this is no longer possible because of changes in the tactics of this botnet.