Botnet Hackers Target WordPress
Attention WordPress users: botnet hackers are targeting WordPress websites using a network of “tens of thousands” of individual computers, as detailed by hosting companies HostGator and Cloudflare.
The botnet attack targeted users with the login name of “admin”, attempting to force a login by trying thousands of password variations.
WordPress currently powers around 64 million websites which are read by an estimated 371 million users each month. This accounts for approximately 17% of all the sites in the world. Is yours secure?
Securing Your WordPress Site(s)
Matt Mullenweg, the founder of WordPress, wrote on his blog:
“Here’s what I would recommend: If you still use ‘admin’ as a username on your blog, change it, use a strong password.”
He also advised using the recently launched two-step authentication when logging in to your site. This provides a unique number alongside your username and password. Mr Mullenweg also recommended installing the latest version of WordPress if you are not already using it.
IP-limiting or login-throttling plugins would not have helped greatly due to the scale of the attack. It is thought that the network comprises over 90,000 IPs, which means the attackers could theoretically try again from another location every second for 24 hours.
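The following is an added example, not code from the original article or from WordPress, HostGator or Cloudflare. It shows why a per-IP throttle sees nothing when every address tries only once, while counting failures per username does flag the account; the event format, thresholds and addresses are constructed assumptions.

```python
from collections import Counter, defaultdict

# Assumed thresholds for illustration; tune for a real site.
PER_IP_LIMIT = 5      # failed logins tolerated per source IP per window
PER_USER_LIMIT = 20   # failed logins tolerated per username per window
WINDOW = 60           # window length in seconds

def make_events(n_ips=300, seconds=60):
    """Constructed sample of failed-login events (epoch_seconds, ip, username):
    each of n_ips addresses tries 'admin' exactly once, plus one ordinary typo."""
    events = [(i * seconds // n_ips, f"10.{i // 256}.{i % 256}.7", "admin")
              for i in range(n_ips)]
    events.append((30, "192.0.2.10", "editor"))
    return events

def analyse(events):
    """Return (IPs a per-IP throttle would block, accounts a per-username counter flags)."""
    per_ip = defaultdict(Counter)    # window -> ip -> failures
    per_user = defaultdict(Counter)  # window -> username -> failures
    sources = defaultdict(set)       # (window, username) -> distinct source IPs
    for ts, ip, user in events:
        w = ts // WINDOW
        per_ip[w][ip] += 1
        per_user[w][user] += 1
        sources[(w, user)].add(ip)

    blocked_ips = sorted({ip for counts in per_ip.values()
                          for ip, n in counts.items() if n > PER_IP_LIMIT})
    flagged = {}
    for w, counts in per_user.items():
        for user, n in counts.items():
            if n > PER_USER_LIMIT:
                flagged[(w, user)] = {"failures": n,
                                      "distinct_ips": len(sources[(w, user)])}
    return blocked_ips, flagged

if __name__ == "__main__":
    blocked, flagged = analyse(make_events())
    print("per-IP throttle would block:", blocked)
    print("per-username counter flags:", flagged)
```

A high failure count spread across many distinct addresses for one username is the signature of the distributed guessing described above, and it is the renamed account, strong password and two-step login that stop it rather than the throttle.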
The Chief Executive and co-founder of Cloudflare, Matthew Prince, said that one worry is that the aim of the recent botnet attack may have been to build a stronger botnet for a future attack.
“One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack,” he wrote in a recent blog post on Cloudflare’s own blog.
“These larger machines can cause much more damage in DDoS attacks because the servers have large network connections and are capable of generating significant amounts of traffic,” he added.
Security is obviously a major concern for the vast majority of WordPress users, so we urge you to log in and change your details at the earliest chance, as well as making regular backups of your site data.
If you are struggling to keep on top of your blog content and security, why not contact WeBoost today?
Our experienced blog management experts can post on your or your company’s behalf, create engaging content for you and your customers, and ensure your blog is properly backed up and secured.