Although it’s always a good idea to regularly change your passwords, it’s an especially smart idea in light of news that WordPress is under a significant attack. The brute-force dictionary-based attack is an attempt to find passwords for the “admin” accounts that WordPress creates by default, according to TechCrunch.
“As for the scope of the attack, [CloudFlare CEO Matthew] Prince says that CloudFlare saw attacks on virtually every WordPress site on its network.”
How To Protect Your WordPress Site From Attack
There are several things you can do to help protect your WordPress site from the attack—and we recommend doing them immediately.
Change Your Password
Even if you’ve recently changed your password, change it again—and, please, make it difficult. Use random letters, numbers and symbols to create a combination that’s hard to guess or hack.
Change Your User Name
This attack is specifically targeting accounts with the “admin” user name, so if you haven’t changed this default setting, do it now. Change it to your name, your company’s name—anything other than admin will add an extra layer of protection to your site.
Install A Plugin
Want to add an additional layer of security to your site or blog? Consider installing a WordPress plugin that limits the number of login attempts from the same IP address or network. This isn’t a foolproof method—as TechCrunch points out, many hackers have a large number of IP addresses and/or networks at their disposal. Still, when it comes to security, you can never have too much—and if a plugin gives you some additional peace of mind, we say go for it.
We recommend taking these steps as soon as you can. This initial attack may be stopped at any time, but a scary prediction from the CloudFlare team indicates that this may only be a precursor to a larger event.
“One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack. These larger machines can cause much more damage in DDoS attacks because the servers have large network connections and are capable of generating significant amounts of traffic.”
We’ll be sure to keep you updated on the attack. In the meantime, go change your password and user name…now!