Pro Bloggers Beware: WordPress Denial of Service Attacks

by Joe Wallace

If you are an “end user” of WordPress (as opposed to someone who spends a lot of time in the Dashboard and/or control panel of your WordPress site), you might be scratching your head lately wondering why WordPress is moving so slowly for you.

There’s been a string of notifications from Internet Service Providers (ISPs) about a hacking campaign aimed specifically at WordPress sites. The idea behind this campaign is quite simple–it aims to shut down WP sites by using a Denial Of Service Attack featuring repeated login attempts to the Dashboard or back end of your WordPress site.

The goal is not necessarily to gain access to your site–instead, the idea is to flood your ISP with so many attempts to log in that it overwhelms the server. This causes slower response times for legitimate readers trying to view your WordPress site, and can shut your page down altogether under the right circumstances.

There are some semi-complicated fixes for this, things that many freelancers and bloggers won’t feel comfortable attempting. I myself have mitigated this problem by setting an extremely low tolerance for repeated failed logins from a single IP address–any more than X number of failed logins and the user is blocked from trying to log in again for TWO WEEKS. But again, this is a back-end, deep-ish feature (not connected to WordPress directly, but rather the server I use) and many users won’t or can’t access such features.

The solution?

Contact your ISP or web host and ask about addressing this issue. You want to reduce the number of allowed login failures to WordPress to around 10 or 15 per IP, resulting in a 15 minute ban from attempting again after that number has been reached. Some sites have the ban automatically set to an arbitrary number such as five minutes, but if you’re experiencing slow response times from your WordPress blog and suspect it might be related to this issue, ask your ISP tech support people what the best course of action might be.
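The lockout rule described above (about 10 failed logins per IP, then a 15 minute ban) can be tried out against an access log before asking a host to enforce it. The sketch below is an added example, not code from the original post or from any host; it assumes a combined-format web server log, a 10 minute counting window, and that a failed WordPress login appears as a POST to wp-login.php answered with status 200, and its sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

MAX_FAILURES = 10                  # the post suggests around 10 or 15 per IP
BAN_TIME = timedelta(minutes=15)   # the post suggests a 15 minute ban
FIND_TIME = timedelta(minutes=10)  # assumption: window in which failures are counted

# Combined log format: ip - - [time] "METHOD path PROTO" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def find_bans(lines):
    """Return (ip, ban_start, ban_end) for each IP that crosses the threshold."""
    recent, banned_until, bans = defaultdict(deque), {}, []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                       # skip lines that do not parse
        ip, ts, method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        # Assumption: a failed login is a POST to wp-login.php answered 200;
        # a successful one is redirected with 302.
        if method != "POST" or status != "200" or not path.split("?")[0].endswith("/wp-login.php"):
            continue
        if ip in banned_until and when < banned_until[ip]:
            continue                       # still banned: a firewall would drop this
        q = recent[ip]
        q.append(when)
        while when - q[0] > FIND_TIME:     # forget failures outside the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            banned_until[ip] = when + BAN_TIME
            bans.append((ip, when, banned_until[ip]))
            q.clear()
    return bans

def sample_log():
    """Constructed access-log lines (documentation IP ranges, made-up times)."""
    t0 = datetime(2020, 1, 1, 9, 0, 0, tzinfo=timezone.utc)
    def row(ip, secs, req, status):
        ts = (t0 + timedelta(seconds=secs)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "{req} HTTP/1.1" {status} 1234'
    lines = [row("203.0.113.5", 5 * i, "POST /wp-login.php", 200) for i in range(12)]
    lines += [row("198.51.100.7", 60, "POST /wp-login.php", 200),   # one mistyped password
              row("198.51.100.7", 70, "POST /wp-login.php", 302)]   # then a successful login
    return lines

if __name__ == "__main__":
    for ip, start, end in find_bans(sample_log()):
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

Running it over a real log shows which addresses the rule would have blocked, and whether any legitimate author would have been caught, before the threshold is tightened.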

This Denial of Service attack issue likely isn’t affecting EVERYONE using WordPress, or affecting everyone the same way. But if you’re noticing slower response from your WP blog, it might be something to consider as a possible cause.

Joe Wallace has been fiddling around in the back end of WordPress and Freelance-Zone.com’s Virtual Private Server for many years. He still doesn’t know very much about how it all works on a technical level, but he does know how to make a wicked pizza. He blogs about vinyl records, sells rare and unusual LPs, and does sound design for indie film and video projects in Chicago. Contact him at jwallace242@gmail.com