Global Bruteforce Attack on WordPress Installations

Currently, WordPress is experiencing a global brute force attack. This is not limited to us, but is affecting web hosts worldwide.

This attack is widespread and very vigorous. At this time, we suggest you log in to your WordPress account and change your password to a VERY strong password.

The attack is specific to WordPress installations at this time.

If you have been having any trouble with your WordPress today, you are likely vulnerable to more issues. If you have a Virtual Private Server or a Dedicated Server, your risk may be higher.

We are taking many proactive measures to mitigate this situation, but the best defense starts with you. Please check your websites and your system, and update your software. Change your WordPress password immediately. At this time, secure your WordPress installation and, as suggested, update your passwords for all of your logins on a regular basis.

To ensure that your websites are secure and safeguarded from this attack, we recommend the following steps:

  1. Update and upgrade your WordPress installation and all installed plugins
  2. Install the security plugin listed here
  3. Ensure that your admin password is secure and preferably randomly generated
  4. Other ways of Hardening a WordPress installation are shared at

These additional steps can be taken to further secure WordPress websites:

  • Disable the DROP command for the DB_USER. This is not commonly needed for any purpose in a WordPress setup
  • Remove README and license files (important), since these expose version information
  • Move wp-config.php to one directory level up, and change its permission to 400
  • Prevent world reading of the .htaccess file
  • Restrict access to wp-admin only to specific IPs
  • A few more plugins – wp-security-scan, wordpress-firewall, ms-user-management, wp-maintenance-mode, ultimate-security-scanner, wordfence. These may help on several occasions
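
The file-level items in the list above (README and license files, the location and mode of wp-config.php, .htaccess readability, the wp-admin IP restriction) can be checked with a short audit script. This is an added example, not part of the original notice or of WordPress itself; the function names are hypothetical, and it assumes an Apache setup where the wp-admin restriction lives in wp-admin/.htaccess.

```sh
#!/bin/sh
# Added example (not from the original notice): audit a WordPress web root
# against the file-level hardening items above. Function names are hypothetical.

mode_of() { ls -ld "$1" | cut -c1-10; }   # e.g. "-r--------" for mode 400

report() { echo "FINDING: $1"; findings=$((findings + 1)); }

# Prints one FINDING line per issue; returns 0 when clean, 1 otherwise.
audit_wp_root() {
    root=${1%/}
    findings=0

    # README and license files expose version information.
    for f in readme.html license.txt; do
        [ -e "$root/$f" ] && report "$f present in web root"
    done

    # wp-config.php belongs one directory above the web root, mode 400.
    if [ -e "$root/wp-config.php" ]; then
        report "wp-config.php is inside the web root"
        cfg="$root/wp-config.php"
    else
        cfg="$root/../wp-config.php"
    fi
    if [ ! -e "$cfg" ]; then
        report "wp-config.php not found in web root or one level up"
    elif [ "$(mode_of "$cfg")" != "-r--------" ]; then
        report "wp-config.php mode is $(mode_of "$cfg"), expected -r-------- (400)"
    fi

    # .htaccess must not be world-readable (character 8 of the mode string).
    if [ -e "$root/.htaccess" ] && [ "$(mode_of "$root/.htaccess" | cut -c8)" = "r" ]; then
        report ".htaccess is world-readable"
    fi

    # Assumption: the wp-admin IP restriction is done in wp-admin/.htaccess with
    # Apache's "Require ip" (2.4) or "Allow from" (2.2). Presence check only.
    if ! grep -Eiqs '^[[:space:]]*(Require[[:space:]]+ip|Allow[[:space:]]+from)[[:space:]]' "$root/wp-admin/.htaccess"; then
        report "no IP allowlist found in wp-admin/.htaccess"
    fi

    [ "$findings" -eq 0 ]
}

# Run against a path when one is given on the command line.
if [ "$#" -gt 0 ]; then audit_wp_root "$1"; fi
```

The script only reads file metadata and the wp-admin .htaccess; a restriction applied in the virtual-host configuration instead will be reported as missing and has to be confirmed by hand.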

Thank you for assisting us in keeping your information safe and secure.

Joomla Vs WordPress

When it comes to CMSs, there are several open-source content management systems available on the Internet, and much has been written about each of them. The most common CMSs that we typically use for ourselves and our clients are the two major ones that everyone in the development world knows about. Both have their own pros and cons and a huge community working behind them, hence the clash of the Titans.

The best thing about both Joomla and WordPress is that both of them can be used to build websites from the simplest level up to the most complex commerce websites. The best thing about WordPress, however, is the simplicity with which plugins can be found, installed, and updated. The themes, along with the core code, can easily be updated with a simple click of a button. This, we can say, is the best part for any organization that lacks maintenance skills.

Joomla, however, has a huge user base and a large community which provides extensive extensions and components for almost anything a developer or an end user can think of. But updating the core has never been an easy task and can be nerve-racking as well as costly, especially when it comes to custom templates and a huge content and user base. Certain Joomla versions would need migration rather than an upgrade, which can be quite a pain.

While I find Joomla templates easy to understand and customize, WordPress themes are the other way around, and the pain of customizing a theme to suit one's needs can be a task in itself.

Though both CMSs are widely available and used, and much has been written about both, even comparative narrations, these are just my few cents for filling the space.