In the past several hours, we have seen attacks against two different clients who use WordPress. These clients are unrelated, and their sites are not hosted in the same location, or even using the same provider. Therefore, we do not believe that the attacks are related.
However, it is urgent that you make sure your WordPress installation is protected from such attacks. We urge all CHCS clients to take the following steps immediately.
- Change the passwords for all WordPress users. Make sure that the new passwords are strong.
- Update WordPress to the latest version.
- Update all WordPress plugins that you may be using.
- Make sure that you have installed and set up the Better WP Security plugin.
- Make sure that you have installed and set up a cache plugin. Use either WP Super Cache (setup instructions) or W3 Total Cache (setup instructions).