Hackers Point Large Botnet At WordPress Sites
By Matt Adams on April 15, 2013
Are you using WordPress as your website content management system or blogging platform? If so, you need to read this.
Over the last few days, hackers have been targeting and successfully gaining access to WordPress admin panels by brute force. The most common issues are out-of-date plugins and WordPress files, and simple dictionary-based passwords.
So what do you do?
4 easy steps to keep your site secure
- Stop using ADMIN as the username.
If you are using admin, log in and create a new user with full admin rights. Then log out as admin and log in as your new user. Delete the old admin username, and assign all posts, content and pages to your new user.
- Use secure passwords.
8 – 12 characters long, with upper and lower case letters as well as a number. Using names, birthdays and unique spellings can help. For example, Thom@s1198 would be secure.
- Keep WP and all plugins up to date.
WP makes this process pretty easy. Regular updates should not take long, and are usually pretty painless. In your Appearance > Plugins screen you will see which plugins need to be updated. WP core can be updated from the dashboard home screen. Be sure you have a recent database backup before doing these updates.
- Avoid using too many plugins.
Yes, there is always an app for that. There are 100k+ plugins for WordPress, and anyone can write a plugin. Plugins can often leave security holes and cause a drain on the server. Remove any and all unused plugins, and always check the plugin reviews before installing.
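To check whether the brute-force attempts described above are reaching your own site, the following Python script (an added example, not part of the original post) counts failed logins in a web server access log, both per address and across many addresses at once. It assumes the Apache/nginx combined log format and stock WordPress login behaviour; the function names, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def sample_log():
    """Constructed access-log lines (documentation IP ranges, not real traffic)."""
    fmt = '{ip} - - [15/Apr/2013:{t} +0000] "{req} HTTP/1.1" {st} 3500 "-" "Mozilla/5.0"'
    post = "POST /wp-login.php"
    # One host hammering the login form.
    lines = [fmt.format(ip="203.0.113.9", t=f"10:00:{s:02d}", req=post, st=200) for s in range(6)]
    # Botnet pattern: nine hosts, one guess each.
    lines += [fmt.format(ip=f"198.51.100.{i}", t=f"10:11:{i:02d}", req=post, st=200) for i in range(1, 10)]
    # A successful login (302 redirect) and a normal page view.
    lines.append(fmt.format(ip="192.0.2.20", t="10:12:00", req=post, st=302))
    lines.append(fmt.format(ip="192.0.2.20", t="10:12:05", req="GET /wp-admin/", st=200))
    return "\n".join(lines)

def failed_logins(log_text):
    """Yield (ip, time) for POSTs to wp-login.php answered with 200.
    Assumption: stock WordPress re-displays the form (200) on a bad password
    and redirects (302) on success; a plugin may change this."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php") and status == "200":
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")

def detect(log_text, window_min=5, per_ip_limit=5, site_limit=8, min_ips=4):
    """Return (noisy_ips, distributed_windows); thresholds are illustrative."""
    per_ip, ips = defaultdict(int), defaultdict(set)
    for ip, ts in failed_logins(log_text):
        bucket = int(ts.timestamp()) // (window_min * 60)
        per_ip[(bucket, ip)] += 1
        ips[bucket].add(ip)
    noisy = sorted({ip for (_, ip), n in per_ip.items() if n >= per_ip_limit})
    distributed = []
    for bucket in sorted(ips):
        total = sum(n for (b, _), n in per_ip.items() if b == bucket)
        # Many sources, each under the per-IP limit, still add up to an attack.
        if total >= site_limit and len(ips[bucket]) >= min_ips:
            start = datetime.fromtimestamp(bucket * window_min * 60, tz=timezone.utc)
            distributed.append((start.isoformat(), total, len(ips[bucket])))
    return noisy, distributed

if __name__ == "__main__":
    print(detect(sample_log()))
```

The second result matters for a botnet: each address may try only once or twice, so a per-address limit alone would miss it.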
Need Assistance?
Factor1 members: We’ll do this for you automatically. We do these checks often, but will make a special effort this week to keep your site secure.
Not a member? We can perform a full site security scan, which includes a database backup, running all WP core and plugin updates, evaluating all user logins, and removing any and all issues we find. We have a one-time fee of $50.