Many of you have heard about the recent attacks on WordPress sites. As Sucuri Security has documented, many hosts are experiencing a dramatic increase in brute force attacks on their WordPress customers.
In many regards, being prepared for attacks like this is part of the responsibility that any WordPress hosting takes on in the day to day running of a business. And WP Engine has gone to great lengths to ensure that we are prepared for just such situations as this one. These attacks have been well-documented and intentional. Whoever is behind the attacks is doing a good job, and they’ve gotten attention as a result.
There are a number of bad IP addresses that are currently involved in the attacks (although these may not represent all locations the attacks are originating). One of our WordPress experts has folded Sucuri’s list of the addresses into an .htaccess file that you can run on your own self-hosted account, and that we want to make as widely available as possible. Naturally, WP Engine takes care of this sort of thing so our clients don’t need to upload the .htaccess file.
At this time, WP Engine customers continue to be well-protected. We’re keeping a vigilant eye on the behavior and attack patterns, and will provide updates if things do change. It’s important to always respect a coordinated effort like this. However, at the present moment, our security measures are responding as intended to the attacks and protecting your sites.
Thanks for choosing WP Engine!