I received this from my web host. Thought I would pass it along to all interested WordPress users.
Since yesterday morning, [My Hosting Company]'s internal monitoring systems
reported that WordPress users were subject to an unusually high number
of attacks. Brute force attacks occur through exploited accounts at
other hosting companies. The attacks are attempts to find users that
have weak passwords and outdated installations. Once the attacker has
found a WordPress account with a weak password, it’s used to gain
access to the administration panel. Outdated versions of WordPress
scripts are exploited and used to attack other hosting companies.
[My Hosting Company] has implemented additional security tools and is carefully
monitoring traffic. However, the best form of protection against
these attacks begins at the customer level. A tutorial for securing
your WordPress is posted at
This particular attack is focused on WordPress users. It’s important
to note that the attacks could just as easily be focused on any
application. The reports are not limited to our network. Reports
from all of the major hosting companies confirm that this is a wide
I read the following in late March:
And I have advised my clients to use at least 9 characters in their passwords.
I have my hosting provider's password generator create passwords for my accounts. Since Dreamweaver is very good at storing these and also since they're available in plain text with Keychain Access on my Mac (good job, Adobe programmers!) I can always retreive them.
The generated passwords are at least 12 characters long, contain both upper and lower case characters, symbols, punctuation and the like.
Of course if this is a DDOS attack, that won't help…