I was looking on the Internet for some new WordPress news this evening. Unfortunately, I came across some bad news in this TechCrunch.com article by Frederic Lardinois:
Here is a second related article from krebsonsecurity.com:
Basically, attackers are trying to take over WordPress sites that still use the default “admin” username and a weak password. Any site they successfully break into becomes a “bot” or “zombie” that they can control without the knowledge of the site administrator. Their goal seems to be to use the compromised sites to take over the Web servers hosting them and then create an even larger network of bots (a botnet) made up of these infected Web servers. Think of the chaos they could cause on the Internet with a large botnet.
WordPress founder Matt Mullenweg addresses this botnet issue in a recent blog post called “Passwords and Brute Force”. He recommends several measures you can take to protect your WordPress blog from this threat:
If you still use “admin” as a username on your blog, change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress.
Please note there are active resource links in his quote. It would be a good idea to use them if you need to.
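One way to check your own site for the password guessing described above, as an added example that is not part of the original post or the articles it mentions: the script scans a web server access log for bursts of failed logins. It assumes the Apache/nginx "combined" log format and that WordPress answers a failed login POST with status 200 and a successful one with a 302 redirect; the function names, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def login_posts(lines):
    """Yield (ip, time, status) for every POST to wp-login.php; skip other lines."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Also matches installs in a subdirectory, e.g. /blog/wp-login.php
        if m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], when, int(m["status"])

def find_guessing(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: {"failures": n, "success_after": bool}} for bursty sources."""
    failed = defaultdict(list)          # ip -> times of failed attempts
    flagged = {}
    for ip, when, status in sorted(login_posts(lines), key=lambda r: r[1]):
        if status == 200:               # assumption: form re-rendered = failed login
            failed[ip].append(when)
            burst = [t for t in failed[ip] if when - t <= window]
            if len(burst) >= threshold:
                flagged.setdefault(ip, {"failures": 0, "success_after": False})
            if ip in flagged:
                flagged[ip]["failures"] = len(failed[ip])
        elif status == 302 and ip in flagged:
            # A redirect after a burst of failures suggests a guessed password.
            flagged[ip]["success_after"] = True
    return flagged

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    f'203.0.113.7 - - [01/Jan/2024:21:14:{s:02d} +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"' for s in range(0, 12, 2)
] + [
    '203.0.113.7 - - [01/Jan/2024:21:14:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
    '198.51.100.20 - - [01/Jan/2024:21:15:02 +0000] "POST /blog/wp-login.php HTTP/1.1" 200 3120 "-" "-"',
    '198.51.100.20 - - [01/Jan/2024:21:15:30 +0000] "POST /blog/wp-login.php HTTP/1.1" 302 0 "-" "-"',
    '192.0.2.5 - - [01/Jan/2024:21:16:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3120 "-" "-"',
    'not a log line',
]

if __name__ == "__main__":
    print(find_guessing(SAMPLE))
```

An address reported with `success_after` set deserves immediate attention: reset that account's password and review what the session did.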