WordPress taken down by extremely large DDoS attack
The blog-hosting site WordPress was hit by a huge distributed denial-of-service (DDoS) attack last night, leaving bloggers and visitors locked out.
WordPress.com's parent Automattic confirmed that the site was ‘being targeted by an extremely large DDoS attack which is affecting connectivity in some cases'.
A statement from Automattic's Sara Rosso said: “The size of the attack is multiple Gigabits per second and tens of millions of packets per second.
“We are working to mitigate the attack, but because of the extreme size, it is proving rather difficult. At this time, everything should be back to normal as the attack has subsided, but we are actively working with our upstream providers on measures to prevent such attacks from affecting connectivity going forward.”
Automattic and WordPress.com founder Matt Mullenweg later told TechCrunch that the DDoS attack was large enough to impact all three of its data centres in Chicago, San Antonio and Dallas.
“It has currently been neutralised but it is possible it could flare up again later, which we're taking proactive steps to implement," he said.
“This is the largest and most sustained attack we've seen in our six-year history. We suspect it may have been politically motivated against one of our non-English blogs but we're still investigating and have no definitive evidence yet."
He later confirmed that the systems had been returned to normal.
Graham Cluley, senior technology consultant at Sophos, said that its Naked Security blog site runs on the VIP version of the WordPress.com platform and its writers had experienced difficulties because of the disruption.