Updated 5:22pm PT with comment from WordPress.
Hackers are targeting major blogging platform WordPress using a botnet aimed at stealing login credentials for admin-level accounts.
Those who use WordPress to run the back-end of their blogs may want to pay close attention to their accounts. Attackers are accessing the login portals for those blogs, entering the username “admin,” and then using a tool that “brute forces” its way into the account. The tool is programmed with dictionary words, which it then enters into the login portal by the thousands to guess your password. Many people still use “password” for their, well, password, and other easy-to-remember words.
WordPress founder Matt Mullenweg released a blog post saying, “If you still use “admin” as a username on your blog, change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress. Do this and you’ll be ahead of 99% of sites out there and probably never have a problem.”
He explained that in the WordPress 3.0 update, the company began allowing you to create your own login username when you first set up your WordPress backend — “admin” used to be the default. If you took the opportunity to make your own username, your account will be unaffected for now.
CloudFlare — a company that filters your web traffic to make sure your pages are loaded speedily, but also watches for bots stealing your bandwidth — released a blog post saying that it believes the attacker behind this botnet likely wants to take over your website’s servers, not mess with your WordPress site. The botnet as it stands now, according to CloudFlare, is made up of home PCs that aren’t as powerful as full servers. With that server capability, however, the botnet would be able to execute more impactful attacks such as strong denial of service attacks that can knock a website offline.
CloudFlare explained to me in an email that over 100,000 IP addresses are currently detected in the botnet.
“It’s a big attack directed at a significant percentage of the WordPress installs worldwide,” a company spokesperson said in the email.
We have reached out to WordPress and will update this post upon hearing back.