We are seeing pattern of brute force attack against WordPress sites across CPHosting network. Attack is coming from distributed IP addresses and there seems to be no particular range. Our initial guess is, large Botnet is attempting to login to WordPress web site(s) with different user name and password combinations to hack into users WordPress installation and post malicious codes.
Following image is from apache web logs showing login attempts from distributed IP addresses coming from multiple IP ranges and net-blocks.
If your WordPress installation is not current, now it is the right time to upgrade it to the latest version and change your admin / author passwords to 100 strength. Please go through this Wikipedia article which explains what is password strength.
“Password strength is a measure of the effectiveness of a password in resisting guessing and brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly. The strength of a password is a function of length, complexity, and unpredictability”
It is very easy to upgrade WordPress installation. To upgrade WordPress installation first take complete backup of your web site through control panel and then login to admin area of your WordPress installation. Once logged in, click on updates section in left navigation bar and update your WordPress installation, plugins and themes to latest version. We at CPHosting expertise in WordPress and also provide WordPress upgrade service for minor fees. Please contact support team for quote.
We at CPHosting are closely working with our clients and security experts to keep this attack under control. Please feel free to contact support team with any further queries you may have.