Distributed attack on WordPress sites
Hostgator in its blog reported a massive attack on sites running WordPress. According to the dictionary, tens of thousands of infected computers are trying to pick up the password for the administrative panel of this popular engine.
Another hosting provider, CloudFlare, believes that one of the goals of attackers is to create a more powerful botnet from servers, the resources of which can subsequently be used to carry out DDoS attacks:
What is interesting about this attack is that the attacker uses a relatively weak botnet from home PCs to create a much larger and more powerful botnet to prepare subsequent attacks. These powerful machines can do much more damage with DDoS attacks because servers have wide network channels and are capable of generating significant amounts of traffic. This tactic is similar to the one used to create itsoknoproblembro / Brobot botnet in the fall of 2012. This was one of the most serious attacks on US financial institutions.
In order not to become another victim of this attack, Hostgator strongly recommends that WordPress site owners, in addition to setting a strong password from the admin panel, also protect the wp_login.php file .