A few days ago we saw the start of one of the most coordinated brute-force attacks against the WordPress web publishing platform that we’ve seen in quite a while.
It all started with an announcement from some of the largest WordPress hosts that they had seen a spike in traffic across all their WordPress-based sites and were investigating.
Security giant Sucuri, which monitors millions of sites on the web, including a plethora of large and small WordPress installations, has a very interesting article on what a brute-force attack is and why hackers attempt them, if you’re not quite sure what these attacks are attempting to do.
HostGator was one of the first large hosts to provide useful data, in a blog post they published on the 11th detailing the attacks they were seeing. Sucuri then released a bit of what they had, including a list of possible attacker IP addresses, in a blog post they wrote on the issue.
As the day led into the next, we started seeing more and more companies tell their customers to take protective measures against what was undoubtedly a coordinated effort against the WordPress platform.
Even the more important providers such as Media Temple and WP Engine began to release warnings to their users and gave updates about the status of their systems.
As I spoke to more and more hosts and developers who did maintenance on sites for clients, I saw an amazing number of them go into protection mode, doing everything from blocking certain IP addresses to changing the way their users logged into their sites.
It is not certain whether the problem has died down or the attacks will continue. What is certain is the need for more and more hosts to deal with these kinds of attacks more openly, and for both users and site owners of the WordPress platform to use better password and blocking practices moving forward.