Improve your wordpress security

Your blog under attack!

You could be¬†vulnerable, here’s what to do about it. WordPress Security

Hackers are attacking WordPress sites. If you have a blog for your business there is a high chance that you are using WordPress, one of the most popular blogging platforms that currently hosts over 64 million websites. 

According to server hosts Cloudflare and Hostgator¬†the platform has been attacked by a botnet of “tens of thousands” of individual computers since last week. (A botnet is a network of individual computers in homes and offices that are being controlled by hackers or criminal gangs).

As to the why,  Cloudflare made the following post on their blog:

There is currently a significant attack being launched at a large number of WordPress blogs across the Internet. The attacker is brute force attacking the WordPress administrative portals, using the username “admin” and trying thousands of passwords. It appears a botnet is being used to launch the attack and more than tens of thousands of unique IP addresses have been recorded attempting to hack WordPress installs.

One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack. These larger machines can cause much more damage in DDoS attacks because the servers have large network connections and are capable of generating significant amounts of traffic

The main¬†vulnerability¬†here is the lax wordpress security by the users – a very large percentage whom have not changed the default username setting “admin” and combine that with a weak password, all of which makes it much easier for the attacks to succeed.

The hackers program tries to access WordPress accounts through 1,000 common passwords and “admin” combination. This tactic will not work against smart users however enough people still use easy-to-guess passwords that makes it productive for the hackers.

Improve your WordPress Security – Get protected

WordPress founder Matt Mullenwag posted on his blog  suggested changing default usernames as an additional step to protect their WordPress accounts. NB there are additional authentication steps for sites. (Click the links below for details on how to make changes to your user name and what makes a strong password)

If you still use ‚Äúadmin‚ÄĚ as a username on your blog,¬†change it, use a¬†strong password, if you‚Äôre on¬†turn on two-factor authentication, and of course make sure you‚Äôre up-to-date on the latest version of WordPress. Do this and you‚Äôll be ahead of 99% of sites out there and probably never have a problem.

These are simple but effective steps to take. Go check your blog now and make the appropriate changes. You should also look at what version of the platform you are running and upgrade to the latest version.