Key Our Cars What are you going to do next?!

13 Apr/13

If you’re running any WordPress sites and you still have an ‘admin’ account…

If you're running any WordPress sites and you still have an 'admin' account on them (shame on you for not deleting/renaming it), you would be well advised to get in there and give the account a strong password.

There are reports of a fairly massive brute-force attack against the admin account on WP sites. Once they've got the password they install a backdoor and put code on the site that will turn your host into another node in a botnet.

You might also want to make sure you're 100% up to date.

Apparently they've taken over enough WP sites that they've got a fairly significant zombie army, and as they convert more hosts they get more processing power, which better allows them to take over more sites, and so on.

They're being used, reportedly, against financial institutions at the moment, so you might want to make sure you're not using the same passwords on your WP site as your bank...

I strongly recommend, as an IT professional, that you use passphrases rather than passwords: a string of three words with a number in them somewhere, not on the end or middle. Using P@$$w0rd type stuff only makes it hard for 'us' to remember them. Green13mulejumpS is significantly harder for the bad guys to figure out.

They've stolen so many millions of accounts and passwords that they have a huge database of passwords to try, so you have to go the extra mile.
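One way to check your own web server access log for the brute-force pattern described above, as an added example that is not part of the original post. It assumes the Apache/nginx combined log format and stock WordPress behaviour (a failed login POST to wp-login.php returns 200, a successful one returns a 302 redirect); the sample lines, the threshold and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

def _line(ip, method, path, status):
    # Builds one constructed log line in combined format (not real traffic).
    return (f'{ip} - - [13/Apr/2013:10:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample: addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "POST", "/wp-login.php", 200)] * 6    # guessing...
    + [_line("203.0.113.7", "POST", "/wp-login.php", 302)]      # ...then a hit
    + [_line("192.0.2.55", "POST", "/blog/wp-login.php", 200)] * 5
    + [_line("198.51.100.20", "POST", "/wp-login.php", 200)]    # one typo
    + [_line("198.51.100.20", "POST", "/wp-login.php", 302)]
    + [_line("198.51.100.20", "GET", "/wp-login.php", 200)]     # form view only
    + ["garbage line that does not parse"]
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def summarize_login_posts(log_text, threshold=5):
    """Return {ip: {"failed": n, "succeeded": n}} for every source address
    with at least `threshold` failed login POSTs to wp-login.php."""
    stats = defaultdict(lambda: {"failed": 0, "succeeded": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path, _, query = m["path"].partition("?")
        # Skip other wp-login.php actions (e.g. lost password), which also POST.
        if not path.endswith("/wp-login.php") or "action=" in query:
            continue
        if m["status"] == "200":      # login form re-rendered: attempt failed
            stats[m["ip"]]["failed"] += 1
        elif m["status"] == "302":    # redirect after login: heuristic success
            stats[m["ip"]]["succeeded"] += 1
    return {ip: s for ip, s in stats.items() if s["failed"] >= threshold}

def likely_compromised(log_text, threshold=5):
    """Addresses that failed many times and then got a redirect."""
    hits = summarize_login_posts(log_text, threshold)
    return sorted(ip for ip, s in hits.items() if s["succeeded"] > 0)

if __name__ == "__main__":
    for ip, s in summarize_login_posts(SAMPLE_LOG).items():
        print(ip, s)
    print("check these first:", likely_compromised(SAMPLE_LOG))
```

An address that shows many failures followed by a redirect is the case to investigate first, since the post says a backdoor is installed once the password is found. The access log does not record the username tried, so this counts attempts per source address only.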
