Hackers attack WordPress ‘Admin’ accounts

ImageOver the past couple of weeks websites using  WordPress have been under fire from a very sophisticated brute force attack involving over 90,000 IP addresses. 

Some hosting providers handled this better than others.  

The best ones experienced  some slowness and minor outages while others simply went down for a couple of days.

While it has subsided the attack is still ongoing so here are a few steps that you should consider taking to help shore up your defenses.

  1. Make sure that your plugins are up to date.  Often plugin updates are released precisely because they have security holes and leaving these unattended for a long time is an open door to hackers.
  2. Don’t use administrator accounts called ‘admin’.  This is akin to using a password of ‘password’.  Some hosting vendors created these by default on installation.  If you have one of these then create another administrator account, log in using that one and delete the ‘admin’ account.
  3. Create strong passwords.  Ideally at least 8 characters and with a mixture of letters, numbers and special characters such as ^%$#&@*.  If you have too many passwords to keep things straight then consider using something like Lastpass.

These three simple steps won’t keep you totally in the clear but, like an alarm on your car, it should move the troublemakers on to an easier target.  



Leave a comment

Filed under Free Software, Online Security, Virus, Web Design

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s