WIDE-SCALE ATTACK ON WORDPRESS SITES - QTree Systems

Wide-scale attack on WordPress sites

As some of you may already be aware, there is an ongoing wide-scale attack on WordPress sites. This is not an isolated event, and has been happening for quite a while, peaking just a little under a week ago. We do want to emphasize that this is affecting everyone, but is not a cause for alarm. With just a few simple precautions, you can protect yourself.

To put things in the proper perspective, we first want to inform you about the nature of the attacks. Potential hackers are employing “Brute Force” methods to access your WordPress account. Once they have gained access to your account, they can then use various hacks to take over or destroy your site.

What is a “Brute Force” attack? Very simply, it is a way of guessing valid passwords. It is not a very sophisticated attack, and it is not targeting anyone in particular. What makes it dangerous is that the attackers appear to be employing massive botnets, casting a very wide net so to speak, and making no distinction as to what kind of sites or businesses to target.

In response to this, we strongly urge you to take the proper precautions towards making sure that your WordPress site is not affected. There are some very simple ways to protect yourself which you can actually do yourself:

  1. Change Your Password:

Brute Force attacks are very resource intensive and only have a chance of succeeding if your passwords are not secure. Change your password right after reading this article. Make sure that it is a secure password; you can use this link to help you generate secure passwords: http://strongpasswordgenerator.com/

  2. Secure Your Username:

The username is half of the equation – using a common username is effectively giving malicious hackers that part of the equation – making it that much easier for them. If you see a user called admin (this is the default user), change the username immediately. Roughly 90% of all the successful attempts are done through the ‘admin’ login.

Remove any other user that you are not familiar with.

*You may also want to change the password of the email that is associated with the login. If they share the same password and your WordPress site is compromised, then your email will potentially be compromised as well.

  3. Make Sure Your WordPress Installation is Up-to-Date:

Please take note, however, that updating your WordPress core could break your site layout. It would be best to talk to your web design consultant and/or have a professional do it for you.

That’s it! Doing just the first two simple steps will secure your site enough so that the majority of the Brute Force attacks will not affect you. This is of course a very basic precaution (one which you should already be doing!). This will NOT protect you from more serious threats.
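Because the guessing described above comes from many machines at once, a limit on failures per address can stay silent while the site as a whole is being hammered. The Python below is an added example, not part of the original article: it counts failed WordPress logins in a web server access log per address and per minute, and the combined log format, both thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumption: Apache/nginx "combined" access log format.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def failed_logins(lines):
    """Yield (ip, minute) for every failed POST to the WordPress login form."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not in the expected format
        ip, ts, method, path, status = m.groups()
        # Stock WordPress re-renders the form (200) on a wrong password and
        # redirects (302) on success; login plugins may change this.
        if method == "POST" and path.split("?")[0] == "/wp-login.php" and status == "200":
            yield ip, ts.split()[0].rsplit(":", 1)[0]   # drop zone and seconds

def summarize(lines, per_ip_limit=5, site_limit=20):
    """Compare a per-address threshold with a site-wide per-minute threshold."""
    per_ip = Counter()
    per_minute = Counter()
    sources = defaultdict(set)          # minute -> addresses seen in it
    for ip, minute in failed_logins(lines):
        per_ip[ip] += 1
        per_minute[minute] += 1
        sources[minute].add(ip)
    return {
        "failed": sum(per_ip.values()),
        "addresses": len(per_ip),
        "over_per_ip_limit": sorted(ip for ip, n in per_ip.items() if n > per_ip_limit),
        "busy_minutes": {m: (n, len(sources[m]))
                         for m, n in per_minute.items() if n >= site_limit},
    }

def sample_log():
    """Constructed sample: 30 addresses, two wrong guesses each, in one minute."""
    lines = [f'203.0.113.{i + 1} - - [12/Apr/2013:10:15:{s:02d} +0000] '
             f'"POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"'
             for i in range(30) for s in (i, i + 30)]
    # One successful login (302) and one page view, which must not be counted.
    lines.append('198.51.100.7 - - [12/Apr/2013:10:16:02 +0000] '
                 '"POST /wp-login.php HTTP/1.1" 302 0 "-" "-"')
    lines.append('198.51.100.7 - - [12/Apr/2013:10:16:03 +0000] '
                 '"GET /wp-admin/ HTTP/1.1" 200 9000 "-" "-"')
    return lines

if __name__ == "__main__":
    print(summarize(sample_log()))
```

On the constructed sample no single address exceeds the per-address limit, yet the one-minute total is three times the site-wide limit, which is the pattern to alert on.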

If you feel that your site needs the following, please contact a QTree Consultant right now:

  1. My site(s) needs more protection
  2. I need advice and help towards implementing the above recommendations and suggestions
  3. My site(s) is already compromised

Note that we have various services which you can avail of which will help with protecting your site. In response to the increase in global WordPress attacks we have developed specific WordPress security packages for you to avail of.

Reference Links:
http://blog.sucuri.net/2013/04/the-wordpress-brute-force-attack-timeline.html
http://blog.hostgator.com/2013/04/11/global-wordpress-brute-force-flood/