Major WordPress Botnet Attack Underway Right Now – 07-03-2017


Article Courtesy of Singing Wire Web Design:

Currently there is a botnet attacking the default login page of WordPress websites. It’s trying out default user names with password after password – a “brute force” attack, as they’re called. I’ve seen it attempting to hit three of my sites, and at least three other sites I’m personally aware of over the past several days.

This isn’t like a single computer from a single IP address hitting the login page of a WordPress site, it’s tens of thousands of infected machines coming from tens of thousands of different IP addresses. This means that even as one IP address is locked out for failed logins, several others are trying different logins, continuously, for days on end. It looks like I saw the first activity start up around 05/31/2017.

The Botnet is taking advantage of the known default login link for WordPress – – and trying the default user name of “Admin,” as well as “Test,” and various plays on the website domain name.

Thankfully, I use some fairly sophisticated plugins to protect my sites against this type of attack, and none of my sites or my client’s sites have so far been compromised. I haven’t used default user names in a very long time, and I don’t use variations of website domain names, either. Strong passwords, check. The security plugins that I use also notify the administrative e-mail address when the number of lockouts gets too high as well.

Still, this adds processing load on my sites’ hosting servers, which the hosting providers aren’t going to like, and which slows down the sites on those servers with excessive database queries. Not nice.

I also have learned about plugins that allow you to customize the login link for a WordPress website, and put that into effect on multiple sites. Live and learn, I am self-taught on all of this. The cat might be pawing the bottle, but the milk isn’t spilt, knock on wood.

If you are running a WordPress website right now, I strongly recommend that you or your webmaster:

  • Change any default user names to something unique immediately.

  • Add a plugin that limits login attempts in some fashion. One that gives you activity stats and control over access lists is even better.

  • Use a plugin that allows you to to change the default WordPress login link to something custom.

  • Set and use a very strong, complicated password.

  • Make sure all registered users on your site are doing the same.

I can suggest a few very good free plugins upon request, contact me if you need them.

Be safe out there – Dan Stafford

PS: Another good article on this botnet attack can be found here: