deansaliba
New member
This is something I wrote on my blog at the weekend and thought WordPress users on here might be interested:
If you have a WordPress blog then you might have noticed that for the past couple of days when you try to navigate to your admin login page you are confronted with an unexpected pop-up box asking you to enter login details. Many owners might fear that this is a sneaky trick by hackers to obtain your login details but it isn’t.
There is currently a massive attack on WordPress blogs from an unknown person(s). The attacks are widespread, and they are hoping to hijack any vulnerable blogs by using over 90,000 IP addresses to try to gain access to admin panels by using the admin username and trying out thousands of commonly used passwords.
Once they have control of your blog they will slip in a backdoor that gives the attacker(s) remote control over your blog without you even knowing about it (the same way they do it with computers) and you will then join their army as they attack more sites.
A lot of web hosts have been very quick to add an extra layer of security for your blog; it will mean having to enter a different username and password (the host will tell you) to gain access to your admin login page.
There are a couple of things you can do to keep yourself safe:
Update WordPress – Make sure you are using the latest version of WordPress (3.5.1 at the time of publishing this); outdated versions have security flaws and make it incredibly easy for hackers to get in.
Strengthen Password – Don’t pick something like ‘password1’; make your password as strong as you can to make it more difficult to crack. Try a mixture of upper and lower case letters with a number or two thrown in.
Watch the Plugins – There are a lot of rogue plugins doing the rounds these days; I wonder how many people remember when Saurabh Nagar sent me a copy of his BlogPressSEO plugin which he was using to hijack blogs? A good rule of thumb is to only use plugins that are listed in WordPress’ official plugin directory as they are examined closely.
The message security analysts are putting out there is that while this is something to take seriously it is not something that you should be overly worried about as long as you defend yourself by taking some of the steps above.
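An added example, not part of the original post: a blog owner can check their own access log for the pattern described above, where many addresses each make a few guesses at the login page. It assumes the Apache/nginx "combined" log format, WordPress at the site root, and that a rejected login returns 200 while an accepted one returns 302; the function name and thresholds are hypothetical and the log lines are constructed.

```python
import re
from collections import Counter

# Constructed sample in Apache/nginx "combined" format (documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2000:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3811 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2000:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3811 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2000:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3811 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2000:10:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 2740 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2000:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2000:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3811 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2000:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3811 "-" "Mozilla/5.0"
203.0.113.99 - - [01/Jan/2000:10:00:08 +0000] "POST /wp-login.php HTTP/1.1" 200 3811 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2000:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def summarize_login_attempts(log_text, min_ips=3, min_failures=5):
    """Summarise POSTs to /wp-login.php across all source addresses.

    Assumption: a rejected login re-renders the form (200) and an accepted
    one redirects (302); WordPress is assumed to live at the site root.
    """
    failures = Counter()          # rejected logins per source IP
    success_after_failure = []    # accepted logins from an IP that was guessing
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        if method != "POST" or path.split("?")[0] != "/wp-login.php":
            continue
        if status == "200":
            failures[ip] += 1
        elif status == "302" and failures.get(ip, 0) > 0:
            success_after_failure.append((ip, ts))
    total = sum(failures.values())
    return {
        "total_failures": total,
        "source_ips": len(failures),
        "max_per_ip": max(failures.values(), default=0),
        # Few tries per source evades per-IP lockouts, so judge the aggregate.
        "distributed": len(failures) >= min_ips and total >= min_failures,
        "success_after_failure": success_after_failure,
    }

if __name__ == "__main__":
    print(summarize_login_attempts(SAMPLE_LOG))
```

An entry in `success_after_failure` can also be the owner mistyping a password once, so treat it as a prompt to review that login and change the password, not as proof of compromise.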