Recently, a new botnet is focusing on the WordPress installations worldwide. It is been found that the primary method of their attack is some thing called brute force attack.
The key target of this attack is to gain access to the WordPress installation using the “admin” username among many. The botnet performs login attempts using the username “admin” and password from a number of common used passwords and dictionary words. If any of the random passwords they tried matches with your “admin” username then the attack is successful.
What are the preventive measures?
There are various recommendations and plugins around to protect the WordPress websites from this botnet attack. I would recommend these basic and easy steps to be taken before any other action.
- If you are still using “admin” username for blogging or administration of your WordPress site, change your WordPress admin username to a more human name such as “Karan” or “Rajesh”
- Make strong passwords for your administrator user accounts as well as other user accounts.
These two simple steps can protect your website to a great extent and put you ahead of other websites.