In case you missed my first post about the recent attacks on WordPress hosts, let me quickly summarize. Last week a botnet of computers targeted WordPress hosts around the globe. The attacks were aimed at WordPress websites where the default “admin” account was still intact. The botnet would then run through an algorithm to try to guess the password by trying the 1000 most popular passwords. If it cracked your system, your website was added to the botnet of computers and would help target the next WordPress host, growing exponentially as more and more websites were cracked.
Every WordPress hosting provider that I have talked to (Dreamhost, Media Temple, InMotion, and HostGator) had already taken measures to mitigate the damage.
Matt Mullenweg, a WordPress founder, was on his blog providing advice. He explained that hackers had been targeting users who never changed the “admin” username for their account. “If you still use ‘admin’ as a username on your blog, change it,” he recommended.
If you have not done so already
Please change your WordPress Password immediately
…(especially if you are still using the Admin username)
- Log into your WordPress Dashboard
- Go to Users –> Your Profile
- Scroll down to the “About Yourself” section and choose a new password that meets these requirements:
  - Upper and lowercase letters
  - At least eight characters long
  - Including “special” characters (^%$#&@*).
- Scroll to the bottom and click on Update Profile
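The following check is an added example, not code from WordPress or from this post. It applies the three requirements above together with the two things the botnet relied on, the “admin” username and a list of popular passwords. The function name, the finding labels and the short password list are assumptions made for illustration; the list is a constructed stand-in for a real list of the most popular passwords.

```python
import string

# Constructed sample standing in for a real "most popular passwords" list.
COMMON_PASSWORDS = {
    "123456", "password", "admin", "letmein", "qwerty", "P@ssw0rd", "Passw0rd!",
}


def audit_credentials(username, password, common=COMMON_PASSWORDS):
    """Return a list of findings; an empty list means the pair passes."""
    findings = []

    # The attack described above only tried the default account name.
    if username.strip().lower() == "admin":
        findings.append("default-username")

    # The three requirements from the list above.
    if len(password) < 8:
        findings.append("too-short")
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        findings.append("missing-mixed-case")
    # Assumption: any ASCII punctuation counts as a "special" character.
    if not any(c in string.punctuation for c in password):
        findings.append("missing-special")

    # A password can satisfy every rule above and still be on a popular
    # list, so compare case-insensitively against that list as well.
    if password.lower() in {p.lower() for p in common}:
        findings.append("common-password")

    return findings


if __name__ == "__main__":
    # Constructed username/password pairs for demonstration.
    samples = [
        ("admin", "letmein"),
        ("editor_kim", "P@ssw0rd"),
        ("editor_kim", "tr0ub4dor&Maple"),
    ]
    for user, pw in samples:
        print(user, pw, audit_credentials(user, pw) or "ok")
```

The second sample is the case to notice: “P@ssw0rd” meets all three requirements yet is still flagged, because a guessing run that works from a popular-password list would try it.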