WordPress has been under fire lately, though it is important to note that although WordPress has been the target that there is truly nothing the platform has done to cause these recent circumstances to occur.  You may have heard about the recent distributed brute force attack, which is presently on-going still and targets the “admin” user name.

A subsequent, and slightly lower-level attack has since been launched against popular WordPress plugins, like WPSuperCache and W3TotalCache.  While we did identify this circumstance very early on and take pre-emptive measure to effective mitigate this attack on our server farm, it simply reiterates a point we often try to make: please make sure your scripts and plugins are always up-to-date.

Metaphorically speaking, having out of date scripts or plugins installed is akin to having a very nice house, with a very nice door with a very nice deadbolt on it that you simply choose to not engage, effectively leaving your door wide open to anyone what wants to walk in and do as they see fit with your property.

As a web host, we provide the house, the door and the lock.  We also hand you the key to the lock on the door, but we cannot force you to engage that lock, we can only highly encourage you to do so.

One thing to note in regards to keeping your script installs themselves up to date is that HostGator’s proprietary script install tool, QuickInstall, does allow you to opt in to automatic updates for WordPress and other popular scripts.  We highly encourage you to utilize QuickInstall and it’s automatic update functionality.

Please take a moment to log into the dashboards of all of your CMS-backend websites and take a moment to ensure everything is up-to-date.  Otherwise, you are choosing not to engage that deadbolt on your front door and ultimately welcoming in all manner of individuals who may not have your best interests in mind.

5 thoughts on “State of the WordPress Address

  1. Thanks HostGator Team
    i have 9 cPanel With Websites all in wp :( (95 blocks)
    i recommend Limit Login Attempts

    1. Limit Login Attempts won’t stop this attack since it is from 90,000 different IP addresses. Limit Login attempts goes by IP address.

  2. Thanks, I have just updated my plugin. I have had numerous hacking problems, but hope this move to a new domain and new host will help.

  3. Thanks, pards. Scrupulously up to date. I changed my password the third time in as many months. Boy, this booger takes a long time and a few contortions to type. I think it’s somewhat safe.

Comments are closed.