Jim's Marketing Blog

Marketing tips and ideas to help you grow your business


WordPress botnet attack: Improve your security

By Jim Connolly - Published: April 13, 2013

If you have a WordPress blog or website, it’s important that you improve your security as soon as possible. This post explains why, offers some tips to make your WordPress site safer, and gives you links to 2 free security tools you can use.

WordPress botnet attack


Hosting companies worldwide are reporting a surge in attacks on WordPress sites right now. It was reported yesterday that a botnet, with an estimated 90,000 servers (and growing), is trying to log into WordPress sites by cycling different usernames and passwords.

Ars Technica reported today that this ‘huge attack’ could create a botnet like we have never seen before. My security provider, Sucuri (affiliate link), says the number of attacks has increased by almost 300% in just a few weeks.

(UPDATE) This free online tool from Sucuri will check if your blog has been attacked. It also shows you if you’re using the latest version of WordPress and if your site has been blacklisted. You will see your results in seconds. Simply enter the address of your blog.

WordPress botnet: What to do

As this attack seems to use brute force to cycle through usernames and passwords, I suggest you beef up your login security by adding a WordPress plugin. This will block anyone from accessing your site once they make more than a certain number of failed login attempts. The plugin I use is called Limit Login Attempts and is available for free from The WordPress Repository.

By default, WordPress allows people unlimited login attempts. This means botnets can target your website / blog with hundreds or thousands of different username and password combinations. By limiting login attempts to just a handful, you make it significantly harder for this type of attack to happen. (Update) Whilst this may help and is a good idea against general attacks, WordPress founder Matt Mullenweg has suggested that ‘login throttling’ plugins may not be of much help with this specific attack.

Change your WordPress username from admin

I also suggest you change your WordPress username from ‘admin’. Admin is the default WordPress username and sites using it are massively easier to break into, because the attacker already knows the username and only the password needs to be hacked.

If you’re not sure how to change your WordPress username, there is a step-by-step guide here. You can also go to YouTube and search for: ‘Change WordPress username’. There are lots of videos showing exactly what you need to do. It’s very simple, takes just a little time and improves your security significantly.

Update your WordPress software and plugins

It’s important to make sure you’re running the most recent version of WordPress. New versions of WordPress often contain security updates, which will protect you from attacks that target older versions of the software. Before you update WordPress, it’s a good idea to back up your data first.

Make sure your plugins are up to date too. Out-of-date software is easier to hack, and newer versions often patch security holes found in older versions.

Update your WordPress blog themes

If you use a blog theme, make sure that it’s up to date. It’s also important to either update or delete OLD blog themes, as these inactive themes can still be used to get into a site. Before updating your blog theme, remember to back up your data first.

These are just some of the things you can do, for free, which will make your site safer. With such an increase in WordPress botnet attacks right now, it makes sense to take some time as soon as you can, to improve your security.

News regarding this attack

VentureBeat: WordPress admin accounts target of botnet attacks.

TechCrunch: Hackers Point Large Botnet At WordPress Sites.

The Verge: Massive botnet using brute force attack to target WordPress sites.

UPDATE: WordPress founder Matt Mullenweg released some advice from his blog:

Here’s what I would recommend: If you still use “admin” as a username on your blog, change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress. Do this and you’ll be ahead of 99% of sites out there and probably never have a problem. Most other advice isn’t great — supposedly this botnet has over 90,000 IP addresses, so an IP limiting or login throttling plugin isn’t going to be great (they could try from a different IP a second for 24 hours).
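To show why a per-IP login limit does little against a botnet spread over tens of thousands of addresses, here is an added example (not from the original post and not code from any plugin). It reads web server access-log lines, counts POSTs to wp-login.php per IP and per minute, and compares what a per-IP lockout would stop with what a site-wide count reveals. The log lines, IP addresses and both thresholds are constructed assumptions.

```python
import re
from collections import Counter

# Common/combined access-log prefix: client IP, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def login_posts(lines):
    """Yield (ip, minute) for each POST to wp-login.php (a login attempt)."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            # "13/Apr/2013:10:15:42 +0000" -> "13/Apr/2013:10:15"
            yield m["ip"], m["ts"][:17]

def analyse(lines, per_ip_limit=4, site_limit_per_min=20):
    """Both limits are assumed values, not any plugin's defaults."""
    per_ip, per_minute = Counter(), Counter()
    for ip, minute in login_posts(lines):
        per_ip[ip] += 1
        per_minute[minute] += 1
    # IPs a per-IP throttle would lock out.
    locked = {ip for ip, n in per_ip.items() if n > per_ip_limit}
    # Guesses that still get through before any per-IP lockout applies.
    allowed = sum(min(n, per_ip_limit) for n in per_ip.values())
    # Minutes where the whole site saw an abnormal number of attempts.
    busy = {m: n for m, n in per_minute.items() if n > site_limit_per_min}
    return {"locked_ips": locked, "attempts_allowed": allowed,
            "total_attempts": sum(per_ip.values()), "busy_minutes": busy}

def sample_log():
    """Constructed sample: one noisy client plus 40 clients with one try each."""
    fmt = '{ip} - - [13/Apr/2013:10:15:{s:02d} +0000] "{req} HTTP/1.1" {st} 512'
    lines = [fmt.format(ip="203.0.113.9", s=s, req="POST /wp-login.php", st=200)
             for s in range(6)]
    lines += [fmt.format(ip=f"198.51.100.{i}", s=i % 60,
                         req="POST /wp-login.php", st=200) for i in range(1, 41)]
    # Viewing the login page (GET) is not an attempt and is ignored.
    lines.append(fmt.format(ip="192.0.2.7", s=30, req="GET /wp-login.php", st=200))
    return lines

if __name__ == "__main__":
    print(analyse(sample_log()))
```

On this sample the per-IP limit locks out a single address while 44 of the 46 guesses still reach the login form; the per-minute total for the whole site is the number that gives the attack away.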
