Is it true that some sites on WordPress had been compromised? I mean hacked. Here is a link on this topic: http://statusblog.myhosting.com/2013/04/12/security-update-global-wordpress-attack/
Yeah, heard about that, but I liked the Cloudflare initiative to stop these kinds of attacks using their firewall. I would suggest everyone here use Cloudflare so that you can be safe from the brute force. For more info: http://blog.cloudflare.com/patching-the-internet-fixing-the-wordpress-br
Install Wordfence: it is free and useful. I have been getting attacks on popular sites hosted on WordPress. Most of them seem automated and try to access wp-admin, which you can just protect with a .htaccess-style password. I use static IPs to access my site's logins, but not everyone has that option. Just having .htaccess/.htpasswd-style protection on the wp-admin directory is more than enough to mitigate such attacks by 100%. It is actually already recommended by the official WordPress install guide.
Yeah, it's true, someone has a lot of coordinated resources they're using to brute force WordPress installs. There were also some recent vulnerabilities that permitted malicious users to upload a remote shell, so if your WordPress install is out of date you should definitely upgrade. If you want greater security, consider installing Login Lock & Stealth Login. The first one implements rate limiting on logins and enforces strong password security; the second one lets you change the default login URL in order to obtain security through obscurity.
To add to what diplox said, Wordfence is also a great option. It can ban IPs after a couple of bad/brute login tries. Set it to 3 times (immediate ban after that). For an unknown username (immediate ban).
WordPress accounts and installations get hacked all the time. To prevent it, do this: Ensure your plugins and WordPress installation are up to date. Remove redundant plugins (the more code on your blog, the more potential for vulnerabilities). Make sure your password is VERY strong: 25+ characters, containing upper/lowercase letters, numbers, and special characters. Make sure your "admin" account name is something unique; this makes cracking your account exponentially more difficult. Make sure you know your recovery email address, and make sure it's private and secure.
Nowadays hackers are playing around with many websites; the infected script mostly calls a malicious website, and that website essentially loads a Trojan in the browser window. Most likely it has to do with compromised FTP passwords stolen from your computer by spyware. Scan your computer for spyware, then change FTP passwords and don't store them inside FTP programs. Below are some points to prevent the website from getting hacked: 1. Do not save your login credentials in the FTP client. 2. From time to time, keep changing the passwords of your WordPress admin, FTP. 3. Use strong passwords for all your accounts, avoid common passwords. 4. Be careful when you install free plugins and themes. 5. Keep your anti-virus updated. 6. Keep your WordPress script & plugins updated.
Just to clear the air: this was not a hacking attempt on WordPress/Joomla-powered websites, it was a mass brute force attack on wp-login.php by means of GET requests to try and guess the passwords. It's unknown if successful logins are somehow sent to the attackers. The problem is not with having a few WordPress websites. This also affects Joomla, btw. The problem is when you are on a shared environment with hundreds of WordPress sites all receiving these same attacks, which causes the web server process to overload and lock up, as well as flooding the network devices with ridiculous amounts of connections. To help prevent these issues, if you use a plugin to limit login attempts, it will block the offending IPs and should help control the problem: 1. Limit the number of login attempts that can be made. http://wordpress.org/extend/plugins/limit-login-attempts/ 2. If you really want to go all out, grab Duo for two-factor authentication on your smartphone: http://wordpress.org/extend/plugins/duo-wordpress/ Video on how it works here -> https://blog.duosecurity.com/2013/01/introducing-the-duo-5-minute-challenge/
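An added example, not part of any post in this thread: one way to spot the wp-login.php request floods described above in a web server access log, using the 3-attempt threshold suggested earlier in the thread. The log lines are constructed, and the combined log format, the function name and the 5-minute window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed input: Apache/nginx "combined" format (IP, [timestamp], "request", status).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_login_floods(lines, max_hits=3, window=timedelta(minutes=5)):
    """Return {ip: peak hits} for IPs with more than max_hits wp-login.php requests per window."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the sliding window
    peak = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        if not m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            continue  # any method counts; query strings and subdirectory installs handled
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop hits that fell out of the window
        if len(q) > max_hits:
            peak[m["ip"]] = max(peak.get(m["ip"], 0), len(q))
    return peak

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Apr/2013:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2876 "-" "-"
203.0.113.7 - - [12/Apr/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 2876 "-" "-"
203.0.113.7 - - [12/Apr/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 2876 "-" "-"
203.0.113.7 - - [12/Apr/2013:10:00:04 +0000] "POST /blog/wp-login.php HTTP/1.1" 200 2876 "-" "-"
203.0.113.7 - - [12/Apr/2013:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 2876 "-" "-"
198.51.100.20 - - [12/Apr/2013:10:01:00 +0000] "GET /wp-login.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 200 2876 "-" "-"
198.51.100.20 - - [12/Apr/2013:10:01:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
198.51.100.20 - - [12/Apr/2013:10:01:31 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
192.0.2.44 - - [12/Apr/2013:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 2876 "-" "-"
192.0.2.44 - - [12/Apr/2013:10:10:00 +0000] "POST /wp-login.php HTTP/1.1" 200 2876 "-" "-"
192.0.2.44 - - [12/Apr/2013:10:20:00 +0000] "POST /wp-login.php HTTP/1.1" 200 2876 "-" "-"
192.0.2.44 - - [12/Apr/2013:10:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 2876 "-" "-"
this line is not in combined log format
""".splitlines()

if __name__ == "__main__":
    print(find_login_floods(SAMPLE_LOG))
```

A per-IP sliding window like this misses slow, widely distributed guessing (the 192.0.2.44 pattern in the sample), which is why the thread's other suggestions such as strong passwords and two-factor authentication still matter.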
You simply need to keep your WordPress or Joomla updated with the latest version in order to reduce the threat of such vulnerabilities.