There is currently a hacker “Brute Force” password attack going on against WordPress sites all across the web (click here for more details). To protect yourself and your websites, here’s are three tips to achieve a more secure WordPress site from these attacks.
What is a Brute-Force password attack?
In this Brute-Force password attack, armies of “zombie” PCs which have been infected with malware are attacking thousands websites worldwide as they look for vulnerabilities and try to crack the password of a site. Once the site is breached, the hackers can mutilate the site or insert additional malware codes which would effectively “infect” the website, and further spread the attack.
Simple – 48% of the world’s top blogs and 15% of the world’s top traffic websites run on WordPress. The footprint of WordPress globally is simply massive…
Add to that huge number, the fact that the default username for administrators on WordPress is usually “Admin” and that most people use that username for their main administrator account.
What you get is a perfect recipe for a Hacker vulnerability… In this case, a hacker simply has to figure out what is the password for the website, since the username will most probably be Admin.
Given that computers don’t get tired of running a process and can spend hours trying random combinations, it simply becomes a matter of unleashing thousands of automated robots to seek out websites running WordPress and then trying to crack the password for a website by entering Username “Admin” and multiple variations of the password.
What can you do about it?
Here Are 3 Tips You Can Use Right Now for a More Secure WordPress Site:
1) Use a strong password.
Many people have very easy to guess passwords such as “123456”, “password” and “welcome”
Opt to have a hard to crack strong password that consists of upper and lowercase letters, numbers and special characters.
I published a previous blog post with a video on how to create a strong password (That’s easy to remember)
2) Use a different administrator username from “Admin”.
Note: This is not as easy as simply logging in and changing a username, since current versions of WordPress do not allow users to change a username once it’s been set. Your only option is to create another administrator account with a different name, and then delete the original Admin. You’ll have to assign all the posts from the old “Admin” to your new administrator account.
Here is information on how to change your WordPress User Admin Name.
BTW, I don’t use username Admin in my WordPress sites, and I ensure that all of AmiJoy’s web development services clients are all protected with highly secure usernames and passwords as part of our web development offerings. In other words, every website we develop is set up to be secure against these kinds of attacks.
3) Make Sure to Update Your WordPress Version
WordPress regularly posts updates to their software. Many of the reasons behind these updates are to address security vulnerabilities and close “loop holes” that may pose a risk to WordPress sites. Make sure that your site is running the most recent version of WordPress.
If you’re currently running WordPress and are using Admin as your username and not using a strong password combination, I highly recommend that you follow these instructions and secure your sites from this hack attack.