Some hosting providers handled this better than others.
The best ones experienced some slowness and minor outages while others simply went down for a couple of days.
While it has subsided the attack is still ongoing so here are a few steps that you should consider taking to help shore up your defenses.
- Make sure that your plugins are up to date. Often plugin updates are released precisely because they have security holes and leaving these unattended for a long time is an open door to hackers.
- Don’t use administrator accounts called ‘admin’. This is akin to using a password of ‘password’. Some hosting vendors created these by default on installation. If you have one of these then create another administrator account, log in using that one and delete the ‘admin’ account.
- Create strong passwords. Ideally at least 8 characters and with a mixture of letters, numbers and special characters such as ^%$#&@*. If you have too many passwords to keep things straight then consider using something like Lastpass.
These three simple steps won’t keep you totally in the clear but, like an alarm on your car, it should move the troublemakers on to an easier target.
- Hackers Attack 90,000 WordPress Blogs (mashable.com)
- WordPress Site Hacked 2013: Massive Botnet Targets ‘Admin’ Username, More to Come (latinospost.com)