New Computer Hacker Threat Targeting WordPress Sites with Admin Usernames and Weak Passwords

I was looking on the Internet for some new WordPress news this evening. Unfortunately, I came across some bad news in this TechCrunch.com article by Frederic Lardinois:

Hackers Point Large Botnet At WordPress Sites To Steal Admin Passwords And Gain Server Access

Here is a second related article from krebsonsecurity.com:

Brute Force Attack Builds WordPress Botnet

Basically what is happening is that some computer hackers are trying to take over WordPress sites with default “admin” usernames and weak passwords. If they can successfully hack into these WordPress sites, these sites will become “bots” or “zombies” that they can control without the knowledge of the site administrators. Their goal seems to be to use the compromised sites to take over the Web servers of these sites and then create an even larger network of bots (a botnet) made up of these infected Web servers. Think of the chaos they could cause on the Internet with a large botnet.

WordPress founder Matt Mullenweg addresses this botnet issue in a recent blog post called “Passwords and Brute Force”. He recommends several measures you can take to protect your WordPress blog from this threat:

If you still use “admin” as a username on your blog, change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress.

Please note there are active resource links in his quote. It would be a good idea to use them if you need to.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s