
WordPress Under Attack: Preventative Actions You Can Take

Apr 24, 2015

WordPress is a popular website building platform thanks to its ease of use. It is quick and simple to set up a website, and very easy to manage a large amount of content. WordPress allows you to add functionality without any knowledge of coding languages, and its large developer community creates free plugins that benefit other users greatly.


Beyond being easy to create a website on, WordPress is also hacked easily. When processes we thought were complicated turn out to be easy, we are less vigilant and take fewer security measures – such as using an obvious password. Keeping the default “admin” username and not updating the site software are also security weaknesses.


Security weaknesses such as these allow unidentified groups of hackers to run brute-force attacks on WordPress installations and to form a botnet of infected servers that is stronger and more destructive.


More than 90,000 IP addresses are used by these unnamed attackers to brute-force crack credentials of vulnerable WordPress accounts.


Many cyberattacks are committed by hackers who use worms to infect individual computers, and then use those computers to create spoofed addresses for various types of fraud.


Tying together servers, with the large number of network connections a WordPress site has, can increase the chances by an order of magnitude or two.


If you or your company have sites using WordPress, there are two things you should keep in mind. First, you should avoid having your own website hijacked; second, you should avoid becoming part of a bigger problem.


Fortunately, there are precautions you can take that help lower the likelihood of you being part of the problem.


Don’t use an obvious password. Just this simple step will make brute-force attacks that much harder. Hackers usually attack novice users who don’t make the extra effort to switch their login information. Use a password that has a mix of uppercase and lowercase letters as well as numbers and symbols ($%^@!&*).


Get rid of the “admin” username. The attackers in possession of 90,000 IP addresses are trying to crack accounts that use the default username “admin” on WordPress installations. Change the name, and create another user with admin privileges and with a strong password. Log in as the new user and delete the old “admin” account, assigning all posts to the new user you created.


Take advantage of two-factor authentication. If you have a WP.com account, use their two-step authentication, which will verify that you are a human logging in and not a bot.


Keep your WordPress updated. Hackers often exploit holes that have been found in previous versions of WordPress, so keeping yours updated is an easy way to avoid any issues.


Use a service such as CloudFlare. WordPress operators can sign up for a free plan from CloudFlare, which automatically blocks login attempts that show the signatures of a brute-force attack.
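To see what such a brute-force signature looks like in your own web server access log, here is an added example (not part of the original post and not CloudFlare's method): it counts POST requests to `wp-login.php`, the WordPress login endpoint, per address and across addresses. The log format (common/combined), the function names, the thresholds and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Access-log prefix (common/combined format): ip - user [time] "METHOD path ..."
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*"'
)

def login_posts(lines):
    """Yield (timestamp, ip) for every POST to wp-login.php; skip other lines."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            yield datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ip"]

def detect(lines, window=timedelta(minutes=5), per_ip_limit=5, distinct_ip_limit=4):
    """Return (noisy_ips, distributed) using a sliding time window.
    noisy_ips: addresses with more than per_ip_limit login POSTs in one window.
    distributed: True if distinct_ip_limit or more addresses posted to the
    login form in one window, which is what a many-IP botnet looks like even
    when every single address stays under the per-IP limit.
    Both limits are illustrative assumptions; tune them to the site's traffic.
    """
    events = sorted(login_posts(lines))
    noisy, distributed, start = set(), False, 0
    for end, (ts, _) in enumerate(events):
        while events[start][0] < ts - window:
            start += 1
        counts = Counter(ip for _, ip in events[start:end + 1])
        noisy.update(ip for ip, n in counts.items() if n > per_ip_limit)
        distributed = distributed or len(counts) >= distinct_ip_limit
    return noisy, distributed

def make_line(ip, hhmmss, method="POST", path="/wp-login.php"):
    # Constructed log line: documentation-range IPs, made-up status and size.
    return f'{ip} - - [24/Apr/2015:{hhmmss} +0000] "{method} {path} HTTP/1.1" 200 1234'

# Constructed sample: one address hammering the form, then five addresses
# trying once each within the same minute, plus an ordinary page view.
SAMPLE_LOG = (
    [make_line("192.0.2.10", f"10:00:{s:02d}") for s in range(0, 35, 5)]
    + [make_line(f"198.51.100.{i}", f"11:30:{i:02d}") for i in range(1, 6)]
    + [make_line("203.0.113.7", "11:31:00", method="GET", path="/")]
)

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```
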


Estimated figures show that 1 out of 6 websites is built on WordPress. That is a myriad of opportunities to create a botnet from. Do not let your site be one of them. Follow the suggestions listed above.


© 2012 Toronto Professional services LTD. All rights reserved