WordPress.com, home to many millions of blogs around the world, is currently being hit by an "extremely large" distributed denial-of-service (DDoS) attack.
According to the company, some users may experience performance and connectivity problems as a result.
Here's part of the statement we received from Sara Rosso of Automattic, the owners of WordPress.com:
WordPress.com is currently being targeted by a extremely large Distributed Denial of Service attack which is affecting connectivity in some cases. The size of the attack is multiple Gigabits per second and tens of millions of packets per second.
We are working to mitigate the attack, but because of the extreme size, it is proving rather difficult. At this time, everything should be back to normal as the attack has subsided, but we are actively working with our upstream providers on measures to prevent such attacks from affecting connectivity going forward.
You can see a better quality screenshot of this statement here via TwitPic.
DDoS attacks typically involve botnets of compromised computers around the world, bombarding a site with traffic - effectively "clogging it up" and preventing legitimate users from accessing its content.
In the past I've described a DDoS attack as being like 15 fat men trying to get through a revolving door at the same time.
Sophos's Naked Security site runs on the VIP version of the WordPress.com platform, and our writers have had some difficulties posting today because of this disruption. However, Sophos customers should have had no problems accessing the main Sophos website or receiving updates to their security products - which do not rely on the WordPress.com infrastructure.
It's unclear what has motivated the DDoS attack, but hopefully normal service will be resumed as soon as possible.
Update: Automattic and WordPress.com founder Matt Mullenweg shared some more information with TechCrunch:
"There's an ongoing DDoS attack that was large enough to impact all three of our datacenters in Chicago, San Antonio, and Dallas - it's currently been neutralized but it's possible it could flare up again later, which we're taking proactive steps to implement."
"This is the largest and most sustained attack we've seen in our 6 year history. We suspect it may have been politically motivated against one of our non-English blogs but we're still investigating and have no definitive evidence yet."
Update 2: WordPress has just notified me that their systems are back to normal.
![Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]](http://sophosnews.files.wordpress.com/2013/04/ellen-thumb.jpg?w=75&h=75&crop=1)
![Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]](http://sophosnews.files.wordpress.com/2013/03/cursors-thumb.jpg?w=75&h=75&crop=1)
Thanks for the heads up. I was wondering what was going on, I'll leave it alone for a day. :)
What the best thing for wordpress.com users to do in this case? Not log in?
i'd expect your packets would never get through the "tyre-wall"
Similar problems over at littler WEBS.com last week. They were down for 3 days. Lots of stress. They said it was due to a porn thing. Govn't went directly to the local ISPs. I'd like to know more about how this happens. Where do I learn about that?
It happens with wordpress, tumblr etc. It's easier just to use the wordpress software on your own host. It costs next to nothing since there is really cheap hosting now a days.
hello Naked Security guys, have they not resolved this issue yet?
I am still unable to successfully access my WordPress account. it's been hit and miss, sometimes I can load it, sometimes not. it's so frustrating waiting for something to load and then after all the waiting time, you get an error message.
by the way, WordPress has not been accessible on my Mac but I manage to load it quickly on my Fujitsu PC. what gives?