Suspicious popup for WordPress Admins

Like me you’ve probably seen a lot of activity in the media recently about WordPress being targeted by hackers for weaknesses. Well today I looked at my WP installs dotted around the virtual world and saw that some of them had a suspicious popup appear before I could log in to the admin section. The popup says:

The server requires a username and password. The server says: Automatic Protection – Username: protected Password: wordpress | Visit for more info.

Now as someone who has spent more than 5 minutes on the web, I know not to immediately jump on a link when something tells me to. Suspicious activity followed by a ‘helpful’ link… 9 times out of 10 that’s the worst place you can go.

After a bit of research, it turns out that the news of WordPress being attacked and my installs behaving strangely is linked, but not in the bad way I was assuming.

It turns out that the hosting for these WordPress installs of mine, Heart Internet, took it upon themselves to add an extra layer of security from the attack. This is the cause for the suspicious popup.

Read their blog post here about the WordPress DDoS vulnerabilities.

It turns out the username and password are exactly what the popup says, and the link is legit, however I can’t help feel that Heart Internet could have added a reassuring message to the popup…

Heart Internet has added a temporary extra layer of security to your WordPress installation. Please visit for more information. The server requires a username and password. The server says: Automatic Protection – Username: protected Password: wordpress

Needless to say I’m glad Heart are doing something about the whole DDoS attacks on the web at the moment, although I’m not entirely sure this is 100% the right cause of action, its much better than nothing.

I’ve just put another short article together to help you protect your WordPress, check it out, help spread the awareness of this article and lets get WordPress community secure once again.

Thanks guys!

7 thoughts on “Suspicious popup for WordPress Admins

  1. Pingback: atomic blonde cda
  2. Thanks for writing this Paul!

    I thought the pop up appeared like it could be suspicious, and I agree on both points. I’m glad they acted quickly to apply the added security but it would have been nice to know more obviously it was them.

    I wish the people involved with hacking could find something beneficial to be doing with their time, rather than so destructive…

    1. No worries Tamsin, glad it was of some help and reassurance. I whole heartily agree they could be doing something a lot more beneficial with their time. Thanks for taking the time to drop me a comment, it makes writing articles all worth while.

Leave a Reply

Your email address will not be published. Required fields are marked *