Patching the Internet in Realtime: Fixing the Current WordPress Brute Force Attack

On April 11, 2013, a significant brute force attack was launched on numerous WordPress blogs across the internet. The attacker targeted administrative portals using the username "admin" and tried thousands of passwords. A botnet with more than tens of thousands of unique IP addresses was used to execute the attack. There is concern that this attack may be building a larger botnet for future, potentially more damaging attacks. CloudFlare has released a rule through its WAF to detect and stop the signature of the attack, providing protection to all its customers, including those on the free plan.