Winhost blog

WordPress exploit

Thousands of WordPress sites are being compromised, causing havoc for site owners and their hosting providers. The hackers are using an old method known as a brute force attack: submitting passwords over and over until one finally works.

The effects on a site can vary, but they will include a slower WordPress site and high bandwidth consumption. This means you may pay more for the additional bandwidth you consume, even if it was caused by your WordPress site being hacked.
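The login flood described above shows up in the web server's access log as repeated POSTs to the WordPress login page. The following is an added example, not code from Winhost or WordPress: it assumes Combined Log Format access logs, stock WordPress behaviour (a 302 redirect after a good login, a 200 re-render of the form after a bad one), and a hypothetical threshold of five failures.

```python
import re
from collections import defaultdict

# Combined Log Format (assumed): ip - - [time] "METHOD path proto" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
FAILED_THRESHOLD = 5  # assumed cut-off; tune to the site's normal traffic


def login_stats(lines):
    """Count POSTs to wp-login.php per client IP, with response bytes served."""
    stats = defaultdict(lambda: {"failed": 0, "ok": 0, "bytes": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            continue
        entry = stats[m["ip"]]
        # Stock WordPress redirects (302) after a good login and
        # re-renders the form (200) after a bad one.
        entry["ok" if m["status"] == "302" else "failed"] += 1
        entry["bytes"] += 0 if m["size"] == "-" else int(m["size"])
    return dict(stats)


def suspects(lines, threshold=FAILED_THRESHOLD):
    """IPs at or above the failed-login threshold, noisiest first."""
    hits = [(ip, s) for ip, s in login_stats(lines).items() if s["failed"] >= threshold]
    return sorted(hits, key=lambda item: item[1]["failed"], reverse=True)


# Constructed sample log lines (documentation IP ranges, not real traffic).
_fmt = '{ip} - - [15/Apr/2013:10:00:{sec:02d} +0000] "{req} HTTP/1.1" {status} {size} "-" "-"'
SAMPLE_LOG = (
    [_fmt.format(ip="203.0.113.7", sec=s, req="POST /wp-login.php", status=200, size=3100) for s in range(6)]
    + [
        _fmt.format(ip="198.51.100.20", sec=10, req="GET /wp-login.php", status=200, size=2900),
        _fmt.format(ip="198.51.100.20", sec=15, req="POST /wp-login.php", status=200, size=3100),
        _fmt.format(ip="198.51.100.20", sec=30, req="POST /wp-login.php", status=302, size=0),
    ]
)

if __name__ == "__main__":
    for ip, s in suspects(SAMPLE_LOG):
        print(f"{ip}: {s['failed']} failed logins, {s['ok']} successful, {s['bytes']} bytes served")
```

An address that appears in the output with a non-zero successful count after many failures is the case to investigate first, since it suggests a guessed password.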

To counter this you need to take two basic steps.

  1. If you are using the default administrative login “Admin” for your WordPress site, change it to something other than Admin.
  2. Update the password to be more sophisticated and complex. A minimum length of eight characters is recommended. Mix upper- and lower-case letters, numbers, and special characters such as “#”, “!”, “%”, and “&”. This will strengthen your password, making it impossible to “guess” using a brute force attack.

If you want to read up on picking a good, strong password, I suggest this Microsoft article, which explains what a strong password entails.

An optional feature worth considering is enabling WordPress 2 Step Authentication on your site. It adds a layer of security on top of your login and password credentials: a randomly generated verification code from the Google Authenticator app. You can get more details on how to enable this for your WordPress site at this link: http://en.blog.wordpress.com/2013/04/05/two-step-authentication/

If you want to read more about these recent attacks on WordPress web sites, try these links.

http://www.bbc.co.uk/news/technology-22152296

http://ma.tt/2013/04/passwords-and-brute-force/

http://www.latinospost.com/articles/16654/20130415/wordpress-site-hacked-2013-massive-botnet-targets-admin-username-more.htm

http://blog.discountasp.net/wordpress-under-attack/

