
Michele Neylon :: Pensieri

Technology, Marketing, Domains, Thoughts

Dealing With WordPress Hack Attacks

April 21, 2013 by Michele Neylon

If you follow technology news you'll know that there's been a very large attack ongoing against self-hosted WordPress blogs. While the worst of the attack may have stopped for now, it's still ongoing.

Our technical team released some figures that show the scale of the attack. And we're not that big a hosting provider when you compare us to the "big boys" such as GoDaddy. Their numbers would be several orders of magnitude higher.

The attack is basically a "brute force attack", i.e. using computers / servers to generate thousands of possible username / password pairs in the hope of gaining access to the WordPress control panel. By default, when you install WordPress the administrator username is set to "admin", so the hackers only have to work on the password. They've already got the username for most WordPress installs.

And yes, I'll have to admit, quite a few of my WordPress installs were using the default administrator username as well. Fortunately (fingers crossed!) none of my installs had very weak passwords, so, as far as I know, none of them were compromised.

But that wasn't from lack of trying. This site alone has had several hundred hack attempts in the last couple of days that I know of (I started logging failed login attempts a couple of days ago).

If you're running WordPress installs there are a number of things you can do. Some of them will work better than others.

Obvious things:

Don't use the default "admin" account. If you have it already, then create a new user with administrator privileges and delete the old one. You can reassign all the posts from the old admin user to the new administrator account you've created.

Use a strong password. There are plenty of password generators available online or, if you want, you can use a password locker to help handle them for you.

There are also a lot of WordPress plugins that can help tighten up the security of your WordPress install by changing some of the default settings. Just bear in mind that some of the more comprehensive tools may impact your site's ability to work with certain themes, plugins and 3rd party services.

And make sure both your WordPress core and plugins AND themes are kept up to date. Seriously.


Michele is founder and CEO of Irish hosting provider and domain name registrar Blacknight.


Site hosted in Ireland by Blacknight - Content copyright Michele Neylon
