Last week, WordPress came under a botnet attack. Botnets are maliciously used to launch denial-of-service attacks that shut or slow down websites. They can also be used to spread malware. A stronger, future attack may be on the way, so it’s important to take a look at the security of your website if you use WordPress and make improvements where they are necessary.
If the username that you log into WordPress with is “admin”, you are at a far greater risk of attack. The hackers are targeting sites that have “admin” as the username and trying thousands of passwords until the correct one is identified. The best way to protect yourself is by checking the usernames of all users on your site and making sure none of them are “admin”. To do so, log in to WordPress, go to the menu on the left side of your screen, select Users and delete any “admin” usernames you see in the list that appears.
To provide better protection for your site, make sure your password is complex and difficult to guess. To check the complexity of your password, read this blog post by Tranquility Internet. WordPress also offers tips for selecting a secure password on their support pages.
Whenever a new version of WordPress is released, it is accompanied by a bug fix report that hackers use to target the vulnerabilities on your site. The latest version of WordPress is 3.5.1, but updates are released often. To check what version you are running, log into your website and select Updates from the menu on the left side of your screen. If you need help updating your WordPress, call MayeCreate to do an update that avoids breaking certain parts of your site.
MayeCreate is currently in the process of updating the database names of all client websites. So instead of the login for your website being located at /wp-admin, it will be elsewhere. Changing the default login location provides greater protection, just like changing the default username does.
For any questions or concerns about your website’s safety, call MayeCreate at 573-447-1836.