An unknown group is targeting websites built on the WordPress platform, using advanced tools and techniques to brute-force WordPress admin logins (that is, to repeatedly guess your username and password until one works). The attackers are using over 90,000 IP addresses to mount this attack, and it is being said they may be attempting to create a “botnet”: a network of infected computers that then go on to spread the bot to others. This allows the attack to act much like a virus, gaining momentum as it takes down websites.
There are tons of technical details that really don’t matter a whole lot to my readers or clients, so I’ll get to the point. Be on high alert and be sure to keep an eye on your site. But beyond that, there are some things you can do in the meantime!
WordPress Security Steps (protect your WordPress Website):
- Update your admin account password! Use something at least eight characters long (I use 15) and mix in special characters and capital letters. Use this tool to generate a secure password:
- Ensure there are no other accounts on your site that have full administrator access. If there are, make sure each of them has a secure password as well.
- Change your admin name if it is something simple like “admin”. Use something you can remember, but don’t make it obvious! (tip: this can be changed using the plugin below)
- Install a security plugin. A great free one is Better WP Security (Better WordPress Security):
- Make sure your version of WordPress has been updated to the latest version!
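
To keep an eye on your site for the many-address password guessing described above, this added example (not part of the original post) tallies login POSTs to wp-login.php in a web server access log. It assumes the Apache/nginx combined log format and default WordPress behaviour (a failed login answers 200, a successful one redirects with 302); the log lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import Counter

# Apache/nginx "combined" format: ip - user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log (documentation IP ranges), not real traffic.
_T = "[01/Jan/2024:10:00:00 +0000]"
SAMPLE_LOG = [f'{ip} - - {_T} "{req} HTTP/1.1" {status} 3120 "-" "-"' for ip, req, status in [
    *[("203.0.113.5", "POST /wp-login.php", 200)] * 4,           # one loud source
    *[(f"198.51.100.{i}", "POST /wp-login.php", 200) for i in range(1, 5)],  # many quiet ones
    ("192.0.2.10", "GET /wp-login.php", 200),                    # just loading the form
    ("192.0.2.10", "POST /wp-login.php", 200),                   # one wrong password
    ("192.0.2.10", "POST /wp-login.php", 302),                   # then a successful login
    ("192.0.2.77", "GET /", 200),                                # unrelated page view
]]

def login_posts(lines):
    """Yield (ip, status) for every POST to wp-login.php; skip unparseable lines."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, path, status = m.groups()
        if method == "POST" and path.split("?", 1)[0].endswith("/wp-login.php"):
            yield ip, int(status)

def summarize(lines, per_ip_limit=3, min_sources=5):
    """Summarize login failures per source and across all sources."""
    failed, succeeded = Counter(), set()
    for ip, status in login_posts(lines):
        if status == 302:       # assumption: default WordPress redirects on success
            succeeded.add(ip)
        else:                   # assumption: a failure re-renders the form (200)
            failed[ip] += 1
    quiet = [ip for ip, n in failed.items() if n <= per_ip_limit]
    return {
        "failed_total": sum(failed.values()),
        "failing_ips": len(failed),
        "noisy_ips": sorted(ip for ip, n in failed.items() if n > per_ip_limit),
        "quiet_failures": sum(failed[ip] for ip in quiet),
        # Many sources that each stay under the per-IP limit: the 90,000-address pattern.
        "distributed": len(quiet) >= min_sources,
        # Worth a manual look: a source that failed and also got in.
        "failed_and_succeeded": sorted(succeeded & set(failed)),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A per-address lockout only catches the loud source here; the total across quiet sources is the number to watch when the guessing is spread over thousands of addresses.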