Wordpress users advised to change passwords following hack
Wordpress users are being advised by its founder, Matt Mullenweg, to update their security settings following sustained botnet attack involving ‘tens of thousands’ of computers.
The attack, which has been ongoing for a week, targets individual accounts where the username has defaulted to admin, bombarding them with thousands of popular passwords to gain access.
Some 17 percent of the world’s websites are currently powered by Wordpress, the equivalent of 64m separate sites, which gives an indication of the true scale of the problem.
Mullenweg wrote on his blog: “Almost 3 years ago we released a version of WordPress (3.0) that allowed you to pick a custom username on installation, which largely ended people using “admin” as their default username. Right now there’s a botnet going around all of the WordPresses it can find trying to login with the “admin” username and a bunch of common passwords, and it has turned into a news story (especially from companies that sell “solutions” to the problem).
The latest marketing news and insights straight to your inbox.
Get the best of The Drum by choosing from a series of great email briefings, whether that’s daily news, weekly recaps or deep dives into media or creativity.Sign up
"Here's what I would recommend: If you still use 'admin' as a username on your blog, change it, use a strong password.”