The brute force attacks against WordPress sites just doesn’t end, hackers are constantly recruiting new blogs for their ‘Zombie’ army, which side on you on?
Make sure you’re not part of the ‘Walking Dead’.
“Botnets” use hundreds of thousands of unique IP addresses (from compromised/hacked ‘Zombie’ computers across the world) to attack hosts across the globe, specifically targeting WP Blogs.
Brute force attacks against WordPress have trebled in recent months!!!
Even big web hosts have been warning their customers about this, some have even had to take drastic measures to keep their servers and their customers sites up and running, even so far as to globally disable access to wp-login.php on sites, so their owners are locked out until the host can put a better solution in place.
Botnet’s like this mainly target /wp-login.php and /wp-admin to try and get access using brute force, and obviously the main target for login attempts is the default username “admin”.
Does your blog login use the username “admin”..?
The top passwords targeted include some fairly obvious one’s, make sure you’re not using something as weak as any of these:
if you are using something like this then you may already be hacked…
so what about some practical advice…
The most important thing you can do right now is:
1. Make sure you have a super strong password
2. check this out for a complete WordPress Security Plugin Suite to secure your blog now:
1. delete any unused plugins & themes
2. setup an “admin” that doesn’t use the name “admin”, and delete the one that does
3. make sure all your plugins, themes & version of WP are up to date
If you provide SEO or website services to clients you can even use these premium plugins to offer a high value service to your clients…