IMP: WordPress Brute-Force login attack proactive mitigation.
sql-injection-wordpressIn an ongoing effort to make you aware of security and performance concerns, we wanted to inform you of an ongoing event.
There is a brute-force login attack targeted at websites with WordPress. Due to the nature of the attack, memory consumption on targeted servers has increased. In some cases this has resulted in degradation of performance, and unresponsive servers. This is due to a high volume of http requests which can cause some servers to start swapping memory to disk, and possibly run out of memory. The most impacted servers tend to be those with limited memory resources, especially those with 1GB of RAM or less.
Our monitoring team has been proactively restoring service to managed servers which have been affected. We have taken proactive steps to reduce the impact of this event. We have tested a new ModSecurity rule, and deployed it via our ServerSecure service to customer servers. This new rule will block http requests to the WordPress login page after 10 failed login attempts. The attacking IP address will then be blocked for 5 minutes.