http://www.flickr.com/photos/pimkie_fotos/2451289441/

By: Chesi – Fotos CC

 

Have you ever heard of the word “admin”? It’s short for administration or administrative. It’s also the default user ID for millions of WordPress websites, which leaves those sites vulnerable to hacking and compromise.

Thanks to the incredibly large number of WordPress users, and the many active and eager developers offering predefined templates and plugins free or at low rates, you can create your own WordPress website in literally minutes without having to know any PHP or other computer code. Whether you use WordPress.com, a simple blogging platform that requires little computer experience and no setup, or WordPress.org, a slightly more customizable blogging platform often used to create personal or business websites, chances are you are using WordPress because it is easy, effective, and sometimes even fun.

However, the predefined “admin” username for the login is the source of the problem. Because the username is already known, hackers need only the password to crack millions of potential websites and gain access to precious information, or to use your site to spread spam, viruses, or other destructive data.

The attackers haven’t been identified yet, though it is believed the source is only a few small, personal computers. Nonetheless, the attack is powerful and incredibly dangerous. According to researchers from at least three Web hosting services, “unnamed attackers are using more than 90,000 IP addresses to crack administrative credentials of vulnerable WordPress sites” (Anthony Kosner, forbes.com). The hackers are using a botnet: a group of private computers infected with malicious software and controlled as a group without the owners’ knowledge. The attack has already begun and can be expected to continue to affect users in coming weeks as the botnet grows and becomes more powerful.

HostGator is a popular hosting service where WordPress users pay a yearly fee to access space on its servers. HostGator estimates 90,000 personal IP addresses have been hacked. CloudFlare, another hosting service, estimates 100,000 (techcrunch.com).

A report from website security firm Incapsula stated that botnets are searching for installs of the popular WordPress platform and then trying the most commonly used username and password combinations. This allows the botnets to guess their way in and log in to many WordPress sites. Incapsula co-founder Marc Gaffan told KrebsOnSecurity that “infected sites will be seeded with a backdoor that lets the attackers control the site remotely – the backdoors persist regardless of whether the legitimate site owner subsequently changes his password.”

Arguably the biggest concern of this current attack is not the immediate threat but that this could lead to a larger hack, carried out by more computers, on more servers, with more power, giving the hackers private access to WordPress sites, platforms and an incredible amount of personal and confidential information.

As more people turn to the internet not just as a resource, but as the backbone and structure of their everyday lives, the threat of attacks, both personal and collective, is going to grow exponentially. For many, this WordPress attack may be too late. The hackers may have already accessed your account. However, it’s never too late to be vigilant and increase security and other measures to protect yourself, your clients, your visitors and your site.

Start immediately by changing your user ID from ‘admin’ to something that no person and no botnet can guess. This is also a good time to change your password, for the very same reasons. The harder the password is to guess, through unexpected characters, numbers and other symbols (^%$#&@*) as well as names with initial or other capital letters, the more difficult it will be to infiltrate. There are also many third-party plugins available to WordPress users that add extra protection to your site. These include plugins that limit the number of login attempts, or that specify which IP addresses WordPress can be accessed from. For a list of other simple but effective ways to protect your WordPress site, see these tips from Forbes.com: (http://www.forbes.com/sites/anthonykosner/2013/04/13/wordpress-under-attack-how-to-avoid-the-coming-botnet/)
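To check whether your own site is being targeted, and why a per-IP login limit alone may not stop a botnet spread over tens of thousands of addresses, the following sketch scans a web server access log for failed WordPress logins. It is an added example, not part of the original post; the function names, thresholds and sample log lines are hypothetical, and it assumes the common "combined" log format and stock WordPress behaviour (a failed login returns 200, a successful one redirects with 302).

```python
import re
from collections import Counter, defaultdict

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def failed_logins(log_text):
    """Yield (minute, ip) for each POST to wp-login.php answered with 200.
    Assumption: stock WordPress re-renders the form (200) on a bad password
    and redirects (302) after a successful login."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if (m and m["method"] == "POST" and m["status"] == "200"
                and m["path"].split("?")[0].endswith("/wp-login.php")):
            yield m["ts"][:17], m["ip"]  # "13/Apr/2013:10:05" = minute bucket

def analyse(log_text, per_ip_limit=5, site_limit=8):
    """Return (noisy_ips, distributed_minutes); both limits are illustrative."""
    per_ip = Counter()
    per_minute = defaultdict(Counter)
    for minute, ip in failed_logins(log_text):
        per_ip[ip] += 1
        per_minute[minute][ip] += 1
    # Sources a login-attempt limiter would lock out on its own.
    noisy = {ip for ip, n in per_ip.items() if n >= per_ip_limit}
    # Distributed guessing: many failures in one minute from sources that each
    # stay under the per-IP limit, so a per-IP lockout never triggers.
    distributed = {}
    for minute, ips in per_minute.items():
        quiet = {ip: n for ip, n in ips.items() if ip not in noisy}
        if sum(quiet.values()) >= site_limit:
            distributed[minute] = len(quiet)  # number of distinct quiet sources
    return noisy, distributed

def _line(ip, ts, method="POST", path="/wp-login.php", status=200):
    return (f'{ip} - - [{ts} +0000] "{method} {path} HTTP/1.1" '
            f'{status} 3120 "-" "Mozilla/5.0"')

# Constructed sample traffic using documentation IP ranges, not real log data.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", f"13/Apr/2013:10:00:{s:02d}") for s in range(6)]
    + [_line(f"203.0.113.{i}", f"13/Apr/2013:10:05:{i:02d}") for i in range(1, 10)]
    + [_line("192.0.2.10", "13/Apr/2013:10:06:00", status=302),    # real login
       _line("192.0.2.11", "13/Apr/2013:10:06:05", method="GET")]  # page view
)

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

On the sample data the single loud address is caught by the per-IP count, while the nine addresses that each try once only show up in the site-wide per-minute view, which is the pattern a large botnet produces.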
