There is an on-going and highly-distributed, global attack on almost every
WordPress Blog out there in the word wide web. This attack is well organized and
again very, very distributed; we have seen over 150,000 IP addresses involved in
this attack. We have an active script to block any IP that tries to scan your
WordPress password however as an added layer of security temporarily blocked
your WordPress admin aria for unauthorized IP's.
To enable your own IP for the WordPress admin aria please follow the following
steps (this will enable WP admin aria access to your own PC):
Add this rule in their .htaccess file:
<Files ~ "^wp-login.php">
Order deny,allow
Deny from all
Allow from x.x.x.x
</Files>
( Replace x.x.x.x with their ip what they get from
www.whatismyip.com )
Not sure how to do this? Click Here
Discussions about the Attack:
WebHostingTalk: http://www.webhostingtalk.com/showthread.php?t=1255387
HostGator: http://blog.hostgator.com/2013/04/11/global-wordpress-brute-force-flood/
Siliconrepublic: http://www.siliconrepublic.com/strategy/item/32269-massive-brute-force-attack/
HostingDiscussion: http://www.hostingdiscussion.com/customer-service-support-issues/32748-wordpress-brute-force-attack.html
Sucuri.Net: http://blog.sucuri.net/2013/04/mass-wordpress-brute-force-attacks-myth-or-reality.html