HackerAnyone who currently runs a WordPress site should know that the ongoing attacks against WordPress by hackers escalated considerably in the past week. This should be a huge red flag for anyone using WordPress to make sure you are using very strong passwords and to immediately change your username if you are currently utilizing “admin.”

According to reports from HostGator and CloudFlare, there are significant attacks being launched at WordPress blogs across the Internet. What is happening is that one or more illegal “botnets,” which are a network of hundreds, thousands, or millions of compromised computers that are being exploited to perform attacks and send spam, are being used to “brute-force attack” sites using WordPress. This brute force attack will try to attack as many username and password combinations as possible in hopes of finding valid login credentials.

Even though it is unknown what the actual goal of these attacks might be, the purpose is most likely to compromise more systems, which would increase the size and strength of the botnets. The danger of these botnets is that they can shut down websites, compromise security of high security systems, be used to commit fraud, send spam, and even perform a plethora of other illegal activities.

So, what is the threat? You need to realize that there are two threats to your sites during these attacks.

The first is a threat from the login attempts. Your server’s resources are being used every time WordPress handles a login attempt. Now, if the attack starts to send an abundant of login attempts per second, your site’s performance may suffer.

The second threat is if a login is successful. If the attacker can actually log in to your site, your entire site and server could be compromised. The attacker could even modify anything on your site. This could include adding new files, modifying existing files, adding additional users, injecting malware into the output of your site, and even turn your hosting account into  a spam bot.

The first thing that all WordPress site operators must do is remove the username “admin” from their site. Without a doubt, this is the number one vulnerability that is being abused by these attacks. If you currently have the username “admin” on your site, either remove it or rename it immediately!

In addition, you need to choose a password. According to Chris Jean from ithemes, here are some ideas about choosing a strong password.

  • Make sure the passwords you use are  not short
  • Make sure the passwords you use are not simple
  • Make sure the passwords you use are unique for every site you use
  • Make sure you don’t create passwords that can easily be guessed by using any type of patterns

At Davik Consulting, one of our primary goals is your network security.  If you have any questions or concerns, please feel free to contact us!