WordPress Security For Blog Administrators

For those of you who are administrators of a WordPress blog, I thought I’d pass this along so you’d know WP is having some problems.

Brute Force Attacks Build WordPress Botnet by Brian Krebs:

Security experts are warning that an escalating series of online attacks designed to break into poorly-secured WordPress blogs is fueling the growth of an unusually powerful botnet currently made up of more than 90,000 Web servers….

Matthew Mullenweg, the founding developer of WordPress, suggests site administrators choose a username that is something other than “admin”. In addition, he urged WP.com-hosted blogs to turn on two-factor authentication, and to verify that the site is running the latest version of WordPress. “Do this and you’ll be ahead of 99% of sites out there and probably never have a problem,” Mullenweg wrote.

Even if you’re not a blog administrator, you might want to check out this from Krebs:

These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including “special” characters (^%$#&@*). For more on picking strong passwords, see this tutorial.

WordPress blogs and more under global attack – check your passwords now! by Paul Ducklin:

Tireless cybercrime and underweb reporter Brian Krebs has published a list of sample WordPress usernames and passwords used in this attack, courtesy of security breach cleanup company Sucuri.

The top thirteen generically-chosen dictionary entries for username and password are as follows:

[Image: Dirty Thirteen Passwords]

It’s worth a look at the list (click on the image above), if only to reassure yourself that you haven’t taken chances with any of your own passwords.

Notice also that the attackers are focusing on the username admin, used in 90% of the login attempts, because it’s the default WordPress administrative username.

Go to the links for complete information.

Image from the post by Paul Ducklin.
