WordPress admin account attacks

April 14, 2013

Websites are reporting an increase in attacks on WordPress admin accounts. “The attacker is brute force attacking the WordPress administrative portals, using the username ‘admin’ and trying thousands of passwords,” Matthew Prince, CEO of CloudFlare, said in a posting.

Matthew Mullenweg, founding developer of WordPress, said: “Almost three years ago we released a version of WordPress (3.0) that allowed you to pick a custom username on installation, which largely ended people using “admin” as their default username. Right now there’s a botnet going around all of the WordPresses it can find trying to login with the ‘admin’ username and a bunch of common passwords, and it has turned into a news story (especially from companies that sell ‘solutions’ to the problem).” Mullenweg recommended that users check that they are up to date with the latest version of WordPress. In addition, those who still have “admin” as a username should change it and create a strong password. He also recommended that those on WP.com turn on two-factor authentication.

There is an article on changing the WordPress admin username at: http://www.websitedefender.com/faq/change-default-wordpress-admin-username/

Self-hosted WordPress blogs can download a plugin at: http://wordpress.org/extend/plugins/duo-wordpress/
