Distributed attack on WordPress sites

Company Hostgator in its blog reported a massive attack on sites running WordPress. Tens of thousands of infected computers in a dictionary trying to find the password to the administrative panel of this popular engine.

Another hosting provider, CloudFlare, believes that one of the targets of the attackers is to create a more powerful botnet from servers, the resources of which can later be used to carry out DDoS attacks:

What is interesting about this attack is that the attacker uses a relatively weak botnet from home PCs to create a much larger and more powerful botnet to prepare subsequent attacks. These powerful machines can do much more damage with DDoS attacks, because Servers have wide network channels and are capable of generating significant amounts of traffic. This tactic is similar to the one that was used when creating the itsoknoproblembro / Brobot botnet in the fall of 2012. It was one of the most serious attacks on US financial institutions.

In order not to become another victim of this attack, Hostgator strongly recommends that site owners on WordPress also protect the wp_login.php file in addition to setting a strong password for the administration panel.