Web botnets rely on human laziness to get easy access to your website.
So you should read this to check if you are doing the right things to protect your website.
And especially if you have . . .
There have been many reports of this online, including this article – http://www.cloudreviews.com/blog/wordpress-under-huge-botnet-attacks
This is a brute-force, dictionary-based attack that looks for websites with a username of “admin”, which most site owners leave as the default.
It is another serious attack on WordPress websites, which the pundits believe could be paving the way for something even bigger.
But before we go on . . .
What is a botnet?
A botnet is literally a network of robots, or more specifically, a network of internet-based computer programs that work together to achieve an outcome.
They run around hijacking home PCs to drive attacks on websites and website servers, overloading them and often rendering them inactive.
The main risk
The default login userid on a WordPress website is “admin”.
Combine that with a well-documented list of commonly used passwords, and you have a recipe for disaster.
A WordPress website with a login userid of “admin” and a common password is a VERY HIGH RISK for being hacked.
Common passwords include:
- emanresu (username backwards)
- . . . and the list goes on
You don’t have to be a technical guru to work out the list. There are even websites that provide lists for you.
Thinking up safe passwords can be a challenge, so there are many websites that can help you get a safe password.
One such site is http://strongpasswordgenerator.com
But because you cannot be 100% sure that your computer has no spyware or malware, we even suggest altering these passwords slightly.
Also, make sure that you are not visiting a dummy site that might capture and use your new password against you.
And as far as remembering the password goes, the safest place is handwritten and hidden.
You can store passwords in a document on your local machine, but only if you are confident that your computer is “clean” of trojans and viruses, etc.
Or else make up your own passwords, but follow these password rules –
5 Steps to Take Now
1. Do not use “admin” as a userid
When we build your new WordPress website, we never set up “admin” as a userid.
2. Use strong passwords
We always use strong passwords when creating your accounts.
3. Keep your software up to date
With our website support package, all of your website software is kept up to date to minimise any security risks.
Also, delete any unused plugins on your website.
4. Back up your website
With a good backup you can easily recover from an attack on your website. We back up your website regularly.
5. Move key WordPress files, so that hackers cannot find them
We make changes to the WordPress set up to improve security that most web developers ignore. This is a bit more “techy”.
Move the wp-config.php file into a folder higher than your WordPress installation folder.
Add a blank index.php file to directories that should not be available publicly.
Well, that is quite simple really!
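To check whether the two changes in step 5 are in place on a site, here is a small audit script. It is an added example, not code from the original article; the function names, the demo folder layout and the choice to scan only wp-content are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress folder for the two changes in step 5.

# Report where wp-config.php lives: "webroot", "parent" or "missing".
# WordPress loads a config from one level up only when that parent folder
# holds no wp-settings.php, i.e. is not itself a WordPress install.
wp_config_location() {
    root=$1
    if [ -f "$root/wp-config.php" ]; then
        echo webroot
    elif [ -f "$root/../wp-config.php" ] && [ ! -f "$root/../wp-settings.php" ]; then
        echo parent
    else
        echo missing
    fi
}

# List folders under wp-content (assumed here to be the ones that should not
# be browsable) that contain neither index.php nor index.html.
dirs_without_index() {
    root=$1
    [ -d "$root/wp-content" ] || return 0
    find "$root/wp-content" -type d | while IFS= read -r d; do
        if [ ! -f "$d/index.php" ] && [ ! -f "$d/index.html" ]; then
            printf '%s\n' "${d#"$root"/}"
        fi
    done
}

# Constructed sample site: config already moved up, one upload folder unguarded.
build_demo_site() {
    base=$(mktemp -d)
    mkdir -p "$base/public/wp-content/plugins" "$base/public/wp-content/uploads/2013"
    : > "$base/wp-config.php"
    for d in wp-content wp-content/plugins wp-content/uploads; do
        : > "$base/public/$d/index.php"
    done
    printf '%s\n' "$base/public"
}

# Demo run on the constructed tree.
site=$(build_demo_site)
echo "wp-config.php location: $(wp_config_location "$site")"
dirs_without_index "$site" | sed 's/^/no index file in: /'
rm -rf "${site%/public}"
```

A blank index.php only stops the web server from listing a folder's contents; files inside it can still be fetched by anyone who knows their exact URL.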
Watch this short VIDEO
WordPress Security Part 3: Password and Username Safety
What should you do now?
- Make sure that you follow these 5 Ways to Secure Your Website.
- Talk with one of our Security Experts about your website.
- Want some help or ideas? Just contact us at Hotpink Websites now.
I spend a fair amount of time on my computer, but I don’t hack into anything.
I have to open the manual and follow instructions.
Remember – 5 Ways to Secure Your Website