Security experts are warning about a large botnet attacking WordPress sites using brute force attempts to break passwords. It is important to note that WordPress is not insecure. It is, however, a big target with a massive number of sites installed, many of which were installed by morons who use things like “God123” as their password. Do yourself a favor, protect your WordPress site from brute force attacks – hire a professional to install it or at least to run a security audit on it. If your site is hacked, email me and I can help you get it back. Here is a list of things you can do right now to keep your site safe.
- Install the plugin to limit attempts to access the admin area. This may not stop the attack cold, as some reports have the current attack using over 90k IP addresses. Still, it is worthwhile. http://wordpress.org/extend/plugins/limit-login-attempts/
- Change your password (and ALL passwords for your site) to something that uses at least 8 characters, including numbers, symbols and uppercase letters.
- Do not use “Admin” as your user name. If you do, set up a new administrator account and delete the admin user.
- You can add a second layer of security by setting up an .htaccess password. Instructions here.
If you can’t do this, then please contact me and I can do it for you.
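The first item's caveat about an attack spread over many IP addresses can be checked against your own access log. The script below is an added example, not code from the plugin or from this post: it counts POSTs to wp-login.php per address and per minute, and the thresholds, the function names and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Leading fields of the Apache/Nginx "combined" access-log format.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" \d{3} ')

def login_posts(lines):
    """Yield (ip, minute) for every POST to wp-login.php."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines
        ip, ts, method, path = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield ip, when.replace(second=0)

def analyse(lines, per_ip_limit=4, site_limit=20):
    """Return (IPs over per_ip_limit, {minute: (posts, distinct IPs)} over site_limit).
    Both thresholds are assumed values, not the plugin's settings."""
    per_ip, posts, sources = Counter(), Counter(), defaultdict(set)
    for ip, minute in login_posts(lines):
        per_ip[ip] += 1
        posts[minute] += 1
        sources[minute].add(ip)
    over = sorted(ip for ip, n in per_ip.items() if n > per_ip_limit)
    busy = {m: (n, len(sources[m])) for m, n in posts.items() if n > site_limit}
    return over, busy

def sample_log():
    """Constructed log lines using documentation IP ranges, not real traffic."""
    fmt = '{} - - [12/Apr/2013:10:{:02d}:{:02d} +0000] "{} HTTP/1.1" 200 512 "-" "-"'
    lines = []
    for i in range(30):  # distributed guessing: 30 addresses, 2 attempts each
        for k in range(2):
            lines.append(fmt.format(f"203.0.113.{i + 1}", 5, i + k, "POST /wp-login.php"))
    for k in range(10):  # one noisy address: 10 attempts over ten minutes
        lines.append(fmt.format("198.51.100.7", 20 + k, 0, "POST /wp-login.php"))
    # Ordinary requests that must not be counted.
    lines.append(fmt.format("192.0.2.10", 5, 1, "GET /wp-login.php"))
    lines.append(fmt.format("192.0.2.10", 5, 2, "GET /"))
    return lines

if __name__ == "__main__":
    over, busy = analyse(sample_log())
    print("over the per-IP limit:", over)
    for minute, (n, ips) in sorted(busy.items()):
        print(f"{minute:%H:%M}: {n} login POSTs from {ips} addresses")
```

On the sample data only the single noisy address exceeds the per-IP count, while the 30 addresses making two attempts each show up only in the site-wide per-minute total, which is why strong passwords and a second password layer still matter alongside the plugin.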