Ongoing WordPress Security Attacks – Brute Force
What you can do now to safeguard yourself and your site
As you no doubt know, WordPress has been put under attack for a while now, but it is becoming a real problem for my fellow WP bloggers!
I received the link below from one of my networking connections, and want to share it with you. I want to help you, so what happened to me does not happen to you – although in my case it was a ‘phishing scam’!
I strongly suggest you check this out, so you are aware, and up-to-date as to what precautions you can take now, to make sure you are not the next ‘victim’ of these ‘bots’.
I will tell you that if your username is ‘Admin’ you should change it immediately, as well as changing your password regularly!
At any rate, enough of my babbling, here is the direct link to the article I am referring to, as well as a quick ‘highlights’ recap.
The first thing that all WordPress site operators must do is remove the username “admin” from the site. By far, this is the biggest vulnerability that is being exploited in this attack. So, if you have a user with a username of “admin” on your site, it needs to be either removed or renamed ASAP.
The short and simple explanation of what is happening is that one or more illegal botnets (a network of hundreds, thousands, or millions of compromised computers that are being exploited to perform attacks, send spam, etc) are being used to brute-force attack WordPress sites.
The goal of a brute force attack is to try as many username and password combinations as possible in order to find valid login credentials. It’s as if someone was trying to guess the combination on a combination lock, but rather than being limited to a single guess every few seconds, they could make hundreds or thousands of guesses a second while never getting tired…
Please do take a moment to help protect all your hard work at the link below, which also provides some excellent links to really good services to put in place/be aware of:
I sincerely hope this helps you!