16 April 2013 - 8:38am | posted by | 1 comment

Wordpress users advised to change passwords following hack

Wordpress users advised to change passwords following hack Wordpress users advised to change passwords following hack

Wordpress users are being advised by its founder, Matt Mullenweg, to update their security settings following sustained botnet attack involving ‘tens of thousands’ of computers.

The attack, which has been ongoing for a week, targets individual accounts where the username has defaulted to admin, bombarding them with thousands of popular passwords to gain access.

Some 17 percent of the world’s websites are currently powered by Wordpress, the equivalent of 64m separate sites, which gives an indication of the true scale of the problem.

Mullenweg wrote on his blog: “Almost 3 years ago we released a version of WordPress (3.0) that allowed you to pick a custom username on installation, which largely ended people using “admin” as their default username. Right now there’s a botnet going around all of the WordPresses it can find trying to login with the “admin” username and a bunch of common passwords, and it has turned into a news story (especially from companies that sell “solutions” to the problem).

"Here's what I would recommend: If you still use 'admin' as a username on your blog, change it, use a strong password.”

Comments

16 Apr 2013 - 18:26
yablon
1
comments

I'm afraid you completely misquoted what Matt said. He said CHANGE YOUR USER NAME to something unique. Use a strong password was always a given, but the point here is that you need to have two log-in parameters that are unique, not that you need to change your password!

BTW: Besides writing about this yesterday ( http://answerguy.com/2013/04/15/hacking-wordpress-cms-content-management... ), we happened to do a video on this subject just last week: http://answerguy.com/videopost/you-cant-build-a-web-site-in-one-hour-adm... .

It's a real issue, but the truth is that it takes very, VERY little to protect against this kind of thing.

1
0

Write Your Comment

New to The Drum

You will be sent a verification email. Click on the link in the email to post your comment.

Directory Latest