You might be wondering why on earth we’re writing about WordPress on FWJ, but if you run your own blog and you use the platform, then you have to be aware of the WordPress global attack that has been the talk of that scene in recent days. We’re not all techie, and you may even rely on other people to deal with the technical aspects of your site. If you do some tech tinkering yourself, though, it’s best to be aware of events such as this ongoing WordPress global attack. I don’t want to go too much into the details, but HostGator revealed some information about the issue earlier this month.
What is this WordPress global attack all about?
Here’s a brief and simple description of the issue.
The short and simple explanation of what is happening is that one or more illegal botnets (a network of hundreds, thousands, or millions of compromised computers that are being exploited to perform attacks, send spam, etc.) are being used to brute-force attack WordPress sites. The goal of a brute force attack is to try as many username and password combinations as possible in order to find valid login credentials. It’s as if someone was trying to guess the combination on a combination lock, but rather than being limited to a single guess every few seconds, they could make hundreds or thousands of guesses a second while never getting tired. (Source)
Why should you be worried?
Obviously, you should only be concerned if you use WordPress. If this is the case, and you get hacked, then a number of things can happen. Your site can be shut down. Your site can be used to send spam, commit fraud, and all sorts of other illegal (or distasteful at best) activities. Illegal activities aside, having no access to your content can totally throw you off balance, especially if you use your blog or web site as a portfolio.
What should you do?
An ounce of prevention is worth a pound of cure, my grandmother used to say, so the simplest thing you can do is change your password and use a very strong one. Use a password generator if you have to. Additionally, if you use “admin” as your username, remove it immediately and switch to a different one. According to security experts, this is the most commonly guessed username, and guessing it has granted hackers access to countless WordPress sites.
If you want to go the extra mile, take a look at services that can detect and repel such attacks.
What if it’s too late?
If you’ve been victimized by the issue, then you might think it’s too late. It’s not the end of the world, though. There are also services which can help you recover your site in case it gets hacked. HackedRecovery is one such service, and it also gives you support to bolster your site’s security.
Has anyone been at the receiving end of these attacks?
[Image via Hardware Zone]
Patti Hale says
I use the plugin Better WP Security which hides my login page and also allowed me to change my user name to something other than the standard admin name. It also gives me reports when users have been locked out of my site because of repeated attempts to log in fail. I have been getting several of these, all from IP addresses that are from China, so I have definitely been under attack.
I’d say if you have not already taken steps to secure your WordPress site, you definitely should!
Noemi Twigg says
Thanks for the recommendation, Patti!
My WP blog hasn’t been attacked — but thanks for the warning!!