WP Sites Under Attack Across the Globe!!! (Why Synthesis Customers Need Not Worry)

Potential customers sometimes ask us, “Why should I pay a premium for your managed WordPress hosting?”

The answer to this question becomes obvious once the true costs of building and managing a WordPress site are analyzed. And a current event in the WordPress world – one that is rather ominous at first glance – serves as a microcosm of the value that Synthesis customers enjoy.

It’s the value of peace of mind.

The global attack on WordPress sites

A large hosting company issued a blog post today warning its customers about an “on-going and highly-distributed, global attack on WordPress installations across virtually every web host in existence.”

And by “virtually every web host in existence” they mean Synthesis as well. And they’re right. There is very likely some nefarious hacking ne’er-do-well trying to brute force their way into your site as I type this and then again as you read it.

In fact, one of the biggest and most prestigious sites we host gets brute forced 500 times an hour even on days when WP sites aren’t global targets.

But here is the difference between the average hosting company and Synthesis: whereas the average hosting company is going through a bit of a fire drill right now (imploring customers to change passwords immediately, prepping them for possible downtime, etc.), at Synthesis today is just another day. It’s business as usual.

Over two years ago we noticed that brute forcing of wp-login.php was 1,000X that of standard services like FTP and SSH. We also noticed that the big name cloud-based security services our customers often put in front of us were doing nothing to stop it.

That was when we launched a well-crafted solution to guard our customer base against this threat. And we added wp-login.php brute force data analysis to our daily operational procedures at Synthesis.

Why Synthesis customers are not in panic mode

We’ll never discourage you from changing your password, of course. Heck, go ahead and do it every day if you want to. But do it out of a general concern for having a sound security strategy, not out of fear because of this brute force uprising.

Now to the larger point:

The purpose here is not to knock other hosting companies. Most do a fine job of serving their respective niche in the hosting communities. They provide good low-cost hosting to site owners of many different content management systems.

But for the serious WordPress site owner – the one whose business and revenue and livelihood rely on the uptime and security of their website – more specialization and preparation is necessary.

The reason we can tell you not to worry in the midst of Brute Force Outbreak 2013 is that we’ve been dealing with this for years and continue to pay close attention to it. We have systems in place to deal with this sort of attack, and they are not just turned on when the web excrement hits the fan (so to speak); they are always on.

Frankly, that’s what you should expect from a managed WordPress host. We don’t consider it an “extra” benefit you get from hosting with us. We consider it a minimum level of protection that we owe you for trusting us with your sites and paying us a premium to host you.

After all, we are content publishers ourselves and run our own sites on the exact plans and services make available to you.

So go on about your business this weekend. Watch the Masters. Go to yoga. Learn how to cha-cha. But don’t worry about the global brute force attacks hammering WordPress sites worldwide.

If you are the type that needs to be proactive, change your passwords to something strong. But again, don’t do it on account of the attack; do it because it is a best practice.

We’ve said it before and we’ll say it again: we’ve got your back.

And we mean it.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>