Hackers Compromise Over 90,000 WordPress Blogs – Keep Yours Safe! [Updates]

A group of hackers has attacked 90,000 smaller WordPress blogs using a simple brute-force method. We all know the importance of having secure passwords, but one thing we all too often forget is usernames. The default “admin” username and some common passwords allowed hackers to jump in and get access to all these blogs with minimal effort.

The attacks have been ongoing for about a week, and the number of blogs targeted is quite substantial. It’s possible that some of the attacked blogs were started and just never used, but it seems probable that a good number of them are actual blogs where the owner just did not think to change the default username.

The program used by the hackers would simply cycle through 1000 commonly used passwords with the default WordPress username. Obviously, if you are a savvy blog owner, you’re going to be just fine, but based on the number of successful attacks, it appears there were more than enough easy targets out there for the group of hackers to take.

Once the attack compromises the system, it drafts the blog into a botnet, which is a group of machines that communicate with each other and are capable of widespread attacks. The compromised blogs themselves are not all that useful to the attackers, but the actual target could be the servers on which they are housed.

At this point, we are not sure what the ultimate goal of the botnet is. 90,000 compromised machines could certainly be useful in distributed denial-of-service (DDoS) attacks, but only time will tell what comes of this.

If you’re still using “admin” as your username on WordPress, you should change it immediately. Come up with a more secure username, a secure password, and use two-step authentication to keep your blog as safe as possible.
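To check whether a blog saw the pattern described above (many failed guesses against “admin” from one source in a short window), the following added example, which is not part of the original article, scans login-attempt records and flags the sources responsible. The record format, the threshold and window values, and the sample lines are assumptions constructed for illustration; adapt the regex to whatever your login-audit plugin or server actually writes.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed record format (constructed, not a real WordPress log): "<ISO time> <source IP> <username> <FAIL|OK>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (FAIL|OK)$")

# Constructed sample input, in time order; addresses are from documentation ranges.
SAMPLE = (
    [f"2024-01-01T10:00:{s:02d} 203.0.113.7 admin FAIL" for s in range(1, 7)]
    + ["2024-01-01T10:00:07 203.0.113.7 admin OK"]          # guessing run, then a hit
    + ["2024-01-01T10:01:00 198.51.100.20 admin FAIL",      # owner mistyping a password
       "2024-01-01T10:03:00 198.51.100.20 admin FAIL",
       "2024-01-01T10:04:00 198.51.100.20 admin OK"]
    + [f"2024-01-01T10:05:{s:02d} 192.0.2.44 admin FAIL" for s in range(0, 50, 10)]
)

def find_bruteforce(lines, username="admin", threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: {"max_failures": int, "succeeded": bool}} for flagged sources."""
    recent = defaultdict(deque)      # ip -> timestamps of failures still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group(3) != username:
            continue                 # skip malformed records and other accounts
        ts = datetime.fromisoformat(m.group(1))
        ip, result = m.group(2), m.group(4)
        q = recent[ip]
        while q and ts - q[0] > window:
            q.popleft()              # forget failures older than the window
        if result == "FAIL":
            q.append(ts)
            if len(q) >= threshold:  # sustained guessing from one source
                entry = flagged.setdefault(ip, {"max_failures": 0, "succeeded": False})
                entry["max_failures"] = max(entry["max_failures"], len(q))
        elif ip in flagged:
            flagged[ip]["succeeded"] = True   # a guess worked: treat the account as compromised
    return flagged

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE).items():
        print(ip, info)
```

A flagged source with `succeeded` set means the password was guessed; reset the credentials and review the site before trusting it again.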

Did your WordPress blog get attacked?

Source: Mashable

Comments (12)
  • SVV

    My office blocks the pdf link. I get “access denied” when I click or try to save the pdf. Please help :(

  • Mark Bennett

    This article could have been replaced by the tweet: “Don’t use ‘admin’ as your username on WordPress”

  • null

    I see too many password compromises too often. Why can't people just stop being lazy?

  • mari

    Actually, yes, my site was attacked, which I found out after installing Login Security Solution plugin to fend it off.

    Now that the dust has settled, I’m wondering what to do next. I posted yesterday with no problem but still uneasy about it.

  • Tim Berneman

    A few of my WordPress sites got hacked, the only ones where I did not have the “Better WP Security” plugin installed. I restored from a backup and immediately installed the plugin. I highly recommend it.

    Get it in the WP repository: http://wordpress.org/extend/plugins/better-wp-security/

Affiliate Disclaimer

This review may contain affiliate links, which pay us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.