Security experts have reported a Brute Force attack over the WordPress blogs and thousands of blogs have been reported to be hacked because of the massive attack being done. This attack has been confirmed by the Cloudflare. The attack uses botnet and automated attempts to guess the passwords for the default admin account of the WordPress. Surely! the use of weak passwords and the default admin username for your WordPress is the biggest problem which can become the cause of your blog take-down by the hackers.
Remain Safe From the Massive WordPress Brute Force Attack:
You can easily avoid this attack by following these general and very simple instructions:
- Don't use default user name i-e admin to login to your blog because it's the default account which you get when you install WordPress. Be sure to add a new administrator account and change the username of that account to something random.
- Don't use weak passwords because passwords like in the dictionary and other language words are damn easy to be guessed by a powerful machine. Make a strong password consisting of numbers and symbols.
- Be sure that your WordPress version is up to date and no surplus deactivated themes and plugins are present, as any old file and vulnerable can be a cause of hacked WordPress blog.
Actually the attack isn't that much strong but chaining together the power of various servers and hosting is going to make it real strong against your blog. If the hosting companies accounts are vulnerable and undertaken by hackers then a botnet attack carried by this will be damn more powerful than the zombie laptops attacks.
A recent report has shown that the last attack reported was dependent on the 90,000 IP's and it means how large number of hosting accounts have been compromised and as far as I am concerned they are also making use of other vulnerabilities in the WordPress and website structure though the main attack is reported to be a Brute Forced one.
WordPress team action at it's side:
WordPress is going to roll out a two factor verification for the login process of the CMS and it will make brute force die out completely and almost unusable against the WordPress blog. Unfortunately it's not possible to change the default login directory of the WordPress but once can change his username and password. So go for it!
Tags: Hacking Websites, Security Section, Wordpress Tricks