Unidentified hackers are said to have have launched a large-scale attack against WordPress blogs and any hosts using weak passwords are urged to update them immediately Security firms have been tracking an escalating number of “brute force” attacks against WordPress installations, which have been trying out logins such as “admin” and then running through thousands of commonly-used passwords to try to break in. Security firm Incapsula told security blog KrebsOnSecurity that infected sites are seeded with a backdoor that gives the attackers remote control of the site. “The infected sites then are conscripted into the attacking server botnet, and forced to launch password-guessing attacks against other sites running WordPress,” the site reported.<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
“As I type these words, there is an on-going and highly-distributed, global attack on WordPress installations across virtually every web host in existence,” HostGator said in a post. “This attack is well organized and again very, very distributed; we have seen over 90,000 IP addresses involved in this attack,” it said.<\/p>\n