In a disclosure which underscores the fact that it is extremely important to keep WordPress websites up to date, security software firm Sucuri has revealed that a massive distributed brute force attack against WordPress sites is apparently underway.

Noting that a large botnet with over 90,000 servers is attempting to log in by cycling through a number of usernames and passwords, Sucuri said a study of different attack patterns has shown that there has been a three-fold increase in the number of brute force attacks against WordPress in recent months, and also added that the reports of attacks are accurate.

Meanwhile, cautioning its clients against the brute force login attacks, Irish web hosting provider Spiral Hosting said in a recent email to the clients a large-scale brute force attack coming from a huge amount of IP addresses is currently spread all over the world.

Pointing out that WordPress websites are continually being broken into by a large botnet which primarily tries to guess the username and password for getting into the WordPress admin dashboard, Spiral Hosting managing director Peter Armstrong said in the email that all leading web hosting companies worldwide are being affected by the brute force attack.

Further adding that "brute force attacks have reached epidemic level," Armstrong said that "a significant increase in botnet activity in the last 24 hours" has been detected by Spiral Hosting's Network Operations Centre.