Warning to WordPress website owners

By now you’ve probably heard the warning to WordPress website owners.

I hadn’t published anything about this, because our clients’ websites are already secure.

We already change many of the “standard” things about WordPress to prevent these problems from happening to our clients.

For example . . .

(and this gets a bit “techy” so I will try to explain simply) . . .

The WordPress database tables (the files where your website information is stored) are installed with standard names, which makes them very easy to find and hack (change or corrupt).

So, one of our standard procedures when setting up a new website is to change these names to something meaningful to us, but a bit more random.

This stops the hacker from guessing the file names and being able to access them.

Now, back to the current threat.

The problem arose because people use standard login names on their website . . . such as “admin” . . . and common passwords.

Essentially . . . the hackers have released “bots”, or computer program robots, that attempt to log in to a website thousands of times with the userid of “admin” and a range of commonly used passwords.

They are doing this by “brute force”. In other words, making thousands of attempts to log in to websites.

Even though these may be unsuccessful, they could have the effect of slowing down your website response times.

And quite often, this random approach yields a successful login to the website because the website owner has:

  • used a userid of “admin”
  • been lazy with their password choice

So if you do either of these on your WordPress website, you should immediately:

  • change the “admin” userid, and/or
  • reset the password to something totally random that the robots will not easily guess, like “1jhrs93-$%GH”
  • make sure your website has the latest version of WordPress
  • take a full backup of your website (you should regularly do this anyway)
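
If you can get at your web server's access log, you can check whether the robots are already trying your login page. The Python script below is an added example, not part of the original post or the linked articles: it counts login submissions to `wp-login.php` per visitor address and flags the noisy ones. It assumes the log is in the common Apache/nginx "combined" format and that WordPress behaves as it does by default (a failed login answers 200, a successful one answers 302); the function names, the threshold of 5 and the sample log lines are all made up for illustration.

```python
import re
from collections import defaultdict

# Combined-log-format prefix: client IP, two ids, [timestamp], "METHOD path ...", status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def scan_login_attempts(log_text, threshold=5):
    """Count POSTs to wp-login.php per client IP and return the noisy ones.

    Assumption: a failed WordPress login answers 200 (form shown again) and a
    successful one answers 302 (redirect), which is WordPress's default behaviour.
    """
    stats = defaultdict(lambda: {"failed": 0, "succeeded": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, method, path, status = m.groups()
        # Only login submissions matter; strip any query string before comparing.
        if method != "POST" or not path.split("?")[0].endswith("/wp-login.php"):
            continue
        stats[ip]["succeeded" if status == "302" else "failed"] += 1
    # Report only IPs with at least `threshold` failed attempts.
    return {ip: s for ip, s in stats.items() if s["failed"] >= threshold}

def _line(ip, method, path, status):
    # Helper that builds one constructed log line (not real traffic).
    return (f'{ip} - - [15/Apr/2013:10:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample: one bot that eventually gets in, one that does not,
# and one ordinary user who mistypes a password once.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "POST", "/wp-login.php", 200)] * 8
    + [_line("203.0.113.7", "POST", "/wp-login.php", 302)]
    + [_line("198.51.100.4", "POST", "/wp-login.php", 200)] * 6
    + [_line("192.0.2.10", "POST", "/wp-login.php", 200),
       _line("192.0.2.10", "POST", "/wp-login.php", 302),
       _line("192.0.2.10", "GET", "/", 200)]
)

if __name__ == "__main__":
    for ip, s in scan_login_attempts(SAMPLE_LOG).items():
        note = "  <-- a login SUCCEEDED, check this account" if s["succeeded"] else ""
        print(f'{ip}: {s["failed"]} failed, {s["succeeded"]} succeeded{note}')
```

An address that shows many failures followed by a success is the one to act on first: reset that account's password and review what was changed on the site.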

These steps will put you ahead of 99% of the websites out there (which is why our clients have not had this problem), and then you will probably never have this problem either.

If you are managing your own websites, the WordPress codex website has a good article on improving the security of your website:

http://codex.wordpress.org/Hardening_WordPress

You can read more about these attacks here:

http://ithemes.com/2013/04/15/ongoing-wordpress-attacks-details-and-solutions/

In particular, take note of the list of common or easy-to-guess passwords that the robots are getting most success with:

  • admin
  • admin123
  • 123456
  • 123123
  • 123456789
  • password
  • 1234
  • root
  • 1234567
  • 12345
  • qwerty
  • welcome
  • pass
  • abc123
  • 12345678
  • 1111
  • test
  • monkey
  • iloveyou
  • dragon
  • demo

Well, that is quite simple really!

What should you do now?

  1. Change your username and password
  2. Upgrade your WordPress version
  3. Do a website backup
  4. Want some help or ideas? Just contact us at Hotpink Websites now.

Quote

There is no security on this earth; there is only opportunity.
~ Douglas MacArthur
