WordPress 3.7 was released today bringing with it automatic updates for patch and security releases. This new feature has its pros and cons and has already created a bit of controversy in the WordPress community. The idea behind it is good, but it's not a one-size-fits-all solution.
There has been quite a lot of media buzz about the recent WordPress attacks referred to in my last post. There has also been quite a lot learned about the attacks. I wanted to write this followup to give you the latest information and hopefully relieve some anxiety about them.
There is a well organized global attack on WordPress sites going on that is attempting to crack WordPress passwords by brute force. This means that automated scripts are attempting to log in to any WordPress site they find by trying every combination of passwords they can generate. Given the power of the typical computer these days, this means thousands of attempts per minute. As you might imagine, this puts a tremendous load on the server, especially those with hundreds of WordPress installations which describes most shared hosting servers.