
WordPress site attacked by cybercriminals

Websites running the WordPress blogging platform have been under attack since last week from a botnet made up of “tens of thousands” of compromised computers, hosting providers say.

The attack comes a week after WordPress tightened its account security, adding an optional two-step authentication log-in to its existing system.

Hosting and content-delivery providers CloudFlare and HostGator reported today that WordPress sites were being attacked by a botnet of “tens of thousands” of machines, with the attacks starting sometime last week.

The attackers are targeting bloggers and site owners whose administrator account still uses the default “admin” username, brute-forcing the login by trying thousands of candidate passwords against that one account until one of them works.

“Here’s what I would recommend: If you still use ‘admin’ as a username on your blog, change it, use a strong password,” wrote WordPress founder Matt Mullenweg on his blog.

“Most other advice isn’t great – supposedly this botnet has more than 90,000 IP addresses, so an IP-limiting or login-throttling plugin isn’t going to be great (they could try from a different IP [address] a second for 24 hours),” added Mullenweg.
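The two passages above describe the attack from the defender’s side: every guess goes at the same “admin” account, but the guesses arrive from roughly 90,000 different addresses, so a plugin that counts failures per IP never sees any one address cross its limit. The script below is an added example written for this page; it is not code from the article, from WordPress/Automattic or from CloudFlare. WordPress core does not record login attempts itself, so the log format is an assumption: it imagines a login-audit plugin or reverse proxy writing one line per POST to wp-login.php as `<ISO-8601 UTC time> <client ip> <username> <fail|success>`. The sample log is constructed, not captured traffic. The script runs the same events through a per-IP counter (what a throttling plugin does) and a per-target-username counter, and shows that only the second one sees the distributed attack.

```python
"""Spotting a distributed brute-force against a fixed username.

Added example for this article, not code from WordPress or CloudFlare.
WordPress core does not log login attempts on its own, so the log format is
an assumption: a login-audit plugin or reverse proxy writing one line per
POST to wp-login.php as
    <ISO-8601 UTC time> <client ip> <username> <fail|success>
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (fail|success)$")


def make_sample_log():
    """Constructed sample, not real traffic: 40 bots each try 'admin' once
    from a different IP, one noisier bot tries six times, and a real user
    'alice' mistypes twice before logging in."""
    base = datetime(2013, 4, 12, 10, 0, 0)
    lines = []
    for i in range(40):
        t = base + timedelta(seconds=i)
        lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} 198.51.100.{i + 1} admin fail")
    for i in range(6):
        t = base + timedelta(seconds=40 + i)
        lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} 192.0.2.9 admin fail")
    for i, result in enumerate(("fail", "fail", "success")):
        t = base + timedelta(seconds=50 + i)
        lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} 203.0.113.5 alice {result}")
    return "\n".join(lines)


def parse_events(text):
    """Return (time, ip, username, result) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, ip, user, result = m.groups()
            events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result))
    return events


def failures_over_threshold(events, key, window, threshold):
    """Keys (an IP, or a username) with >= threshold failed logins inside
    some sliding window of length `window`; the value is the peak count."""
    times = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "fail":
            times[key(ip, user)].append(ts)
    flagged = {}
    for k, ts_list in times.items():
        ts_list.sort()
        start = 0
        for end, t in enumerate(ts_list):
            while t - ts_list[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[k] = max(flagged.get(k, 0), count)
    return flagged


def analyse(text, window=timedelta(minutes=5), ip_threshold=5, user_threshold=20):
    """Run the same events through the per-IP and per-account views."""
    events = parse_events(text)
    # View 1: what an IP-throttling plugin sees. One guess per bot IP stays
    # far below any sane per-IP limit, so only the noisy bot is caught.
    blocked_ips = failures_over_threshold(events, lambda ip, user: ip, window, ip_threshold)
    # View 2: aggregate by the account being attacked, regardless of source.
    # Tens of thousands of bots guessing one username still add up in one counter.
    targeted_users = failures_over_threshold(events, lambda ip, user: user, window, user_threshold)
    distinct_sources = {
        user: len({ip for _, ip, u, r in events if u == user and r == "fail"})
        for user in targeted_users
    }
    return {
        "blocked_ips": blocked_ips,
        "targeted_users": targeted_users,
        "distinct_source_ips": distinct_sources,
    }


if __name__ == "__main__":
    report = analyse(make_sample_log())
    print("per-IP throttling would block:", report["blocked_ips"])
    print("accounts under distributed attack:", report["targeted_users"])
    print("distinct IPs per attacked account:", report["distinct_source_ips"])
```

On the constructed sample the per-IP view blocks a single address (the one bot that tried six times) while the per-account view reports 46 failures against “admin” from 41 different sources. What to do with a flagged account is the practitioner’s caveat: a hard lockout of “admin” hands the attacker a denial of service against the real administrator, so a proportionate response is a CAPTCHA or second-factor challenge on that account, or removing the predictable username altogether as Mullenweg recommends.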

CloudFlare CEO Matthew Prince has warned that the real aim of the WordPress attack could be to assemble a far more powerful botnet out of the servers it compromises.

“One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack,” wrote Matthew Prince, CEO of CloudFlare.

“These larger machines can cause much more damage in DDoS [Distributed Denial of Service] attacks because the servers have large network connections and are capable of generating significant amounts of traffic.”

All WordPress users are being advised to change their passwords, even if they don’t use the ‘admin’ username, in case the attack widens.

“The attack volume in this case has been sufficient to attract global attention, which is a good thing, but it’s currently thought to be only about three times the usual level,” said Paul Ducklin, Head of Technology at Sophos. “In other words, even when ‘normal service’ is resumed, we’ll all still be firmly in the sights of the cybercriminals, so take this as a spur to action.”

WordPress currently powers somewhere in the region of 64 million websites, read by around 371 million people.

Via: PC Pro
