By now you’ve probably heard of the Warning to WordPress website owners.
I hadn’t published anything about this, because our clients websites are already secure.
We already change many of the “standard” things about WordPress to prevent these problems from happening to our clients.
For example . . .
(and this gets a bit “techy” so I will try to explain simply) . . .
The WordPress database tables, (the files where your website information is stored), are installed with standard names which makes them very easy to find and hack, (change or corrupt).
So, one of our standard procedures when setting up a new website is to change these names to something meaningful to us, but a bit more random.
This stops the hacker from guessing the file names and being able to access them.
Now, back to the current threat.
The problem arose because people use standard login names on their website . . . such as “admin” . . . and common passwords.
Essentially . . . the hackers have released “bots” or computer program robots that are attempting to login to a website thousands of times with the userid of “admin” and a range of commonly used passwords.
They are doing this by “brute force”. In other words, making thousands of attempts to log in to websites.
Even though these may be unsuccessful, they could have the effect of slowing down your website response times.
And quite often, this random approach is yielding a successful login access to the website because the website owner has:
- used a userid of “admin”
- been lazy with their password choice
So if you do either of these on your WordPress website, you should immediately:
- change the “admin” userid, and/or
- reset the password to something totally random that the robots will not easily guess, like “1jhrs93-$%GH”
- make sure your website has the latest version of WordPress
- take a full backup of your website, (you should regularly do this anyway)
These steps will put you ahead of 99% of the websites out there, (which is why our clients have not had this problem), and then you will probably never have this problem either.
If you are managing your own websites, the WordPress codex website has a good article on improving the security of your website:
http://codex.wordpress.org/Hardening_WordPress
You can read more about these attacks here:
http://ithemes.com/2013/04/15/ongoing-wordpress-attacks-details-and-solutions/
In particular, take note of the list of common or easy-to-guess passwords that the robots are getting most success with:
- admin
- admin123
- 123456
- 123123
- 123456789
- password
- 1234
- root
- 1234567
- 12345
- qwerty
- welcome
- pass
- abc123
- 12345678
- 1111
- test
- monkey
- iloveyou
- dragon
- demo
Well, that is quite simple really!
.
What should you do now?
- Change your username and password
- Upgrade your WordPress version
- Do a website backup
- Want some help or ideas? Just contact us at Hotpink Websites now.
.
Quote
There is no security on this earth; there is only opportunity.
~ Douglas MacArthur
Remember – Warning to WordPress website owners
.
Leave a Reply