Several people have asked us about the recent WordPress WP Super Cache and W3 Total Cache plugin security vulnerability.
For the most part, sites hosted on our servers aren’t vulnerable to this because we block comments that contain the malicious code.
We’ve talked before about WordPress login rate limiting. Attempts to guess WordPress administrator passwords are an ongoing problem, getting worse all the time.
The average WordPress site we host has received tens of thousands of malicious login attempts this month, with hundreds of thousands of different IP addresses being used in the attacks. We try to block the IP addresses that are responsible, but the ever increasing number of addresses means we can’t block all of them — an individual address often attempts a login only once a day for a given site. We need to adopt other tactics.
1:31 PM Pacific time: Our technicians are investigating high load and slow page load times on the “web04” server.
2:09 PM Pacific time: This is being caused by a distributed denial of service attack on WordPress sites that is causing outages for many companies. We’re working to block it.
Between 12:50 and 1:23 PM Pacific time, service was intermittently unavailable or slow for sites and e-mail on the web12 server. In addition, customers on other servers may have seen brief delays or high load for about two minutes during this period.
