
WordPress Security Issues: Do Not Use: ADMIN or ADMINISTRATOR

Attention, WordPress users: If you have a WordPress username set to “admin,” change it immediately.

Thousands of WordPress sites with an administrator username set to “admin” or “Admin” were compromised through a large-scale brute-force attack.

Sites with the login of “admin” or “Admin” or “Administrator” had a backdoor installed that provides attackers with ongoing access to the WordPress site.

Changing the password will not solve the problem: the backdoor remains in place, and it enables the attackers to scan for WordPress installations and launch the same type of attack against those sites.

WordPress advises against using “admin”, “Admin”, “test”, “administrator” and “root” as usernames.
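One way to audit an existing site for the usernames listed above, as an added example that is not from the original post. It assumes WP-CLI is available to export `user_login,roles` as CSV; the helper name `audit_logins`, the `RISKY-ADMIN`/`RISKY` labels and the sample rows are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag accounts whose login is one of the names the article
# says to avoid. Input is "user_login,roles" CSV with a header row, e.g. from
#   wp user list --fields=user_login,roles --format=csv
# (having WP-CLI installed is an assumption; the article does not mention it).

# Names taken from the article; matching is case-insensitive.
RISKY_LOGINS="admin administrator test root"

# audit_logins (hypothetical helper): reads the CSV on stdin, prints one line
# per flagged account, returns 1 if a flagged account is an administrator.
audit_logins() {
    awk -v risky="$RISKY_LOGINS" '
        BEGIN { n = split(risky, names, " "); for (i = 1; i <= n; i++) bad[names[i]] = 1 }
        NR == 1 { next }                       # skip the CSV header
        {
            sub(/\r$/, "")                     # tolerate CRLF exports
            comma = index($0, ",")
            if (comma == 0) next               # not a login,roles row
            login = substr($0, 1, comma - 1)
            roles = substr($0, comma + 1)      # may be a quoted list: "editor,author"
            gsub(/"/, "", login); gsub(/"/, "", roles)
            if (!(tolower(login) in bad)) next
            is_admin = (("," roles ",") ~ /,administrator,/)
            printf "%s %s %s\n", (is_admin ? "RISKY-ADMIN" : "RISKY"), login, roles
            if (is_admin) found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample rows (not real data) so the script runs offline.
sample_csv() {
    printf '%s\n' 'user_login,roles' 'Admin,administrator' 'jane,editor' \
        'test,"editor,author"' 'siteowner,administrator'
}

sample_csv | audit_logins || true
```

A non-zero return from `audit_logins` means at least one flagged login holds the administrator role, so the function can gate a scheduled check.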

“Almost 3 years ago we released a version of WordPress (3.0) that allowed you to pick a custom user name which largely ended people using ‘admin’ as their default username,” said Mullenweg in a blog post. “If you still use ‘admin’ as a username on your blog, change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress.”

The WordPress “admin” attacks have recently tripled in volume. “We were seeing 30 to 40 thousand attacks per day the last few months. In April 2013, it increased to 77,000 per day on average, reaching more than 100,000 attempts per day in the last few days,” said Sucuri CTO Daniel Cid in a blog post. “That means that the number of brute force attempts more than tripled.”


REMEMBER: Hackers can access your site through:

1. Login and password vulnerabilities

2. Plugins, which can be an access point for hackers

Suggested Resources for WordPress Vulnerabilities:

http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
http://codex.wordpress.org/Hardening_WordPress

These resources can shed some light on what happened and on how to fix and harden WordPress.
