Unidentified hackers are said to have have launched a large-scale attack against WordPress blogs, and any hosts using weak passwords are urged to update them immediately.
Security firms have been tracking an escalating number of “brute force” attacks against WordPress installations, which have been trying out logins such as “admin” and then running through thousands of commonly-used passwords to try to break in.
“One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack,” security and website performance firm CloudFlare said in a post Friday.
Hosting site HostGator also warned of the attack.
“As I type these words, there is an on-going and highly-distributed, global attack on WordPress installations across virtually every web host in existence,” HostGator said in a post.
“This attack is well organized and again very, very distributed; we have seen over 90,000 IP addresses involved in this attack,” it said.
It advised anyone with WordPress installation to update their password immediately to one that meets the requirements on the WordPress website.
HostGator said it was trying to mitigate the attack through its server farm but that it could only do so much.
There was no mention of the attack on the WordPress blog or its Twitter account Friday evening.
James Niccolai covers data centers and general technology news for IDG News Service. Follow James on Twitter at @jniccolai. James’s e-mail address is james_niccolai@idg.com