Ipage WordPress WP-ADMIN login error
Having trouble with Login of Word-press Admin with IPage, try reading this information on the reason and solution for error on wordpress and IPage Administrator login process.Explaining Recent WordPress Service Activity |
|
4/11/2013 5:15pm EST Update:
At this time we are still working to fight against the brute-force attacks on WordPress sites. We want to clarify that this is not an issue exclusive to our hosting platform or even vDeck. The hackers have targeted WordPress sites hosted across a multitude of brands, and we are working alongside other partners in the industry to determine how we can resolve the issues we’re all facing. As we continue to focus all of our energy on the attack, we apologize for any additional delays with our support response-times. We can assure you that our staff is working overtime to eliminate the threat while keeping up with as many support tickets as possible. We take pride in delivering reliable and solid support, so again, we apologize to any and all of our customers who may be affected by this delay. We appreciate your patience and understanding.
————————————————————————————————————-
What happened?
Our team became aware of a potential brute-force attack on the default WordPress admin login page. A brute-force attack occurs when a third party attempts to access a system by repeatedly trying multiple combinations of passwords across a variety of usernames. Typically, this occurs to gain access to account data and obtain personal information for potentially malicious purposes.
Upon first noticing this activity, our team (who monitors system status 24×7) quickly enabled various filters aimed at preventing any further malicious activity. The filters accomplish this goal by establishing a secure firewall surrounding the third party’s IP address. Our team has been working tirelessly around the clock since the initial impact of this attack to mitigate any repeat activity by putting additional preventative measures in place.
What can I do?
At the moment, you may be experiencing service interruptions when attempting to log in to your WordPress account. As mentioned previously, third parties use these brute-force attack attempts to obtain user data by taking advantage of weak passwords. In turn, the frequency of these repeated login attempts can cause server slowness, and possibly, an inaccessible admin panel. Your ongoing patience as our team finalizes the troubleshooting process is the best course of action, and is greatly appreciated.
At the moment, we have restored login functionality for a majority of our WordPress users. Since the brute-force attack attempt was made using WordPress login information, we strongly recommend that all WordPress users update their WordPress login password to something more secure. Per WordPress’ recommendation, suggestions for a strong password include:
Having a strong password in place helps to protect against future brute-force attack attempts, and has the added benefit of significantly reducing the chances of malware being installed on your website or on our system.
If you are unable to access your WordPress admin panel at this time, please remain patient as our team continues to troubleshoot this issue. We will continue to keep you updated in a timely manner regarding the resolution of this issue. However, please feel free to contact support at any time with additional questions or concerns about this occurrence, about your account, or about your online presence in general. We are available 24 hours a day, 7 days a week, and are dedicated to keeping you online and your website safe.
|
| – 04/11/13 at 18:33 ET |
Updated Information:
By Thursday, it was clear that the attack was not subsiding. The first thing we did was to roll out a new heuristic-based set of rules, that would look historically at our growing set of log data, identify patterns, and block the attack based on that data, not just on current bad behavior, but combinations of bad behavior.
That put a big dent into the attack. But the attack was still big enough to be causing our servers to run at a higher than normal load.
Our breakthrough happened on Thursday, as our team looked through data on the web and data in our logs. We found a difference between the way the attack accesses WordPress and legitimate customers access WordPress. Thursday afternoon, we rolled that change out to our edge servers (before the traffic even reaches the web server that might be hosting your site) to drop any traffic that didn’t look legitimate.
Hundreds of hits a second dropped to nearly none.
We’ve been rolling this change out across our data centers and seeing much of the attack mitigated. This is allowing us to focus less on just keeping things running and more on the proactive work of heading off the next variant of this attack. The attack, as it usually does, has started to pick up again today during peak business hours, but thus far, we’re not feeling the effects.
We head into the weekend in good shape, but vigilant against a returning or altered attack. In the meantime, our support team is ready to help you if you are feeling any lingering effects (the most common one might be if your IP got marked as a possibly bad IP). If you’d like to help make your site stronger, we recommend changing your WordPress password to a secure one, if you haven’t already.
Thanks for staying updated Hoffa ..
It would be nice if they told you that when you call in to ask why your loin is down, thanks for the help