At about 11:00 am this morning (2/10/2014) the guys over at Wordfence.com reported a HUGE distributed brute-force hacking attack on WordPress sites around the world.  This time the traffic wasn’t just from Kyivstar, but rather from random ISPs and countries around the globe.

A brute force attack is when an attacker tries many times to guess your username password combination by repeatedly sending login attempts. A distributed brute force attack is when an attacker uses a large number of machines spread around the internet to do this in order to circumvent any blocking mechanisms you have in place. (From Wordfence.com)

Here are a list of usernames that were attempted across all of the blogs that we control.  We highly recommend that you DO NOT use any of these usernames on your WordPress installation.  If you are using them, it’s a good time to change your WordPress login.

  • adm
  • admin
  • admin1
  • hostname
  • manager
  • qwerty
  • root
  • support
  • sysadmin
  • test
  • user

Read more about the attack at https://www.wordfence.com/blog/2014/02/large-distributed-brute-force-attack-underway/

If you were attacked with usernames not on this list, let us know in the comments below and we’ll update the post accordingly.