How to Repair the Global Brute Force Attack on WordPress Self Hosted Sites?

This global brute force attack on self-hosted WordPress sites has been going on for the past few days. I am going to address different cases and attempted solutions here. Please bookmark this Q&A and check back for new case studies.


One site came to my notice today, where the users could not log in because the login or admin page got redirected to a page that output “not acceptable”. I checked the .htaccess file and it seemed to have non-standard statements, which neither the developer nor the site admin remembered putting in. So, we removed the extra statements and retained only the default WordPress-generated .htaccess statements and the site was back to normal.

…to be cont’d…
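One way to run the .htaccess check described above, as an added example that is not part of the original post: this Python script lists every directive that sits outside the BEGIN/END WordPress markers or differs from the default block WordPress writes. It assumes a single-site install at the web root; the function name audit_htaccess and the sample file are constructed here, and a finding is a line to review, not proof of tampering.

```python
import re

# Default block for a root install (assumption: single site, RewriteBase /).
DEFAULT_WP_RULES = {
    "<IfModule mod_rewrite.c>", "RewriteEngine On", "RewriteBase /",
    r"RewriteRule ^index\.php$ - [L]",
    "RewriteCond %{REQUEST_FILENAME} !-f",
    "RewriteCond %{REQUEST_FILENAME} !-d",
    "RewriteRule . /index.php [L]", "</IfModule>",
}

def audit_htaccess(text):
    """Return (line_no, reason, directive) for each directive to review."""
    findings, inside = [], False
    for number, raw in enumerate(text.splitlines(), start=1):
        line = re.sub(r"\s+", " ", raw.strip())  # collapse whitespace
        if line == "# BEGIN WordPress":
            inside = True
        elif line == "# END WordPress":
            inside = False
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no directives
        if not inside:
            findings.append((number, "outside WordPress block", line))
        elif line not in DEFAULT_WP_RULES:
            findings.append((number, "non-default inside block", line))
    return findings

# Constructed sample, not the file from the site described above.
SAMPLE = r"""# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/ - [R=406,L]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

RewriteCond %{REQUEST_URI} ^/wp-login\.php$
RewriteRule .* - [R=406,L]
"""

if __name__ == "__main__":
    for number, reason, directive in audit_htaccess(SAMPLE):
        print(f"line {number}: {reason}: {directive}")
```

Back up the file before removing any flagged line, since rules added on purpose by a plugin or the host are reported too.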

How to Remove HTML Allowed Tags Text in WordPress Comment Form?

Find where the comment_form() function is called. Usually it will be in the comments.php file of your WordPress theme.

It might be displayed like:

<?php comment_form(); ?>

Pass an argument to the function as below:

<?php comment_form(array('comment_notes_after' => '')); ?>

The array can have other arguments as well to modify the comment form to your liking. Refer to the WordPress comment form Codex page for all possibilities.

Does the Multisite facility in WordPress 3.0 consume fewer resources on the web server?

Not really. WordPress Multisite (WP-MU in older versions) only facilitates one-stop management. That is, you don’t have to log out of and log in to multiple sites to manage them – you can manage them all from one dashboard.