WordPress Gets Hacked
You may have heard that, last week, a botnet attempted to hack into a number of WordPress sites.
The botnet tried to log in to every WordPress site it could find using the default “admin” username and a set of common passwords. We love WordPress here at Polaris, so naturally we always try to maintain a high level of security for all of our clients’ sites that run on the WordPress CMS.
There are a number of simple security techniques that you should always use to help protect your site. As Matt Mullenweg, founder of WordPress, recently stated,
“If you still use “admin” as a username on your blog, change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress. Do this and you’ll be ahead of 99% of sites out there and probably never have a problem. Most other advice isn’t great — supposedly this botnet has over 90,000 IP addresses, so an IP limiting or login throttling plugin isn’t going to be great (they could try from a different IP a second for 24 hours)”.
BadCat Design, a web design company based in Pennsylvania, USA, posted on Mullenweg’s site that they had been monitoring the botnet’s activity and found that the following common usernames had been targeted:
“Here’s a quick list of the usernames most often attempted.
Last user attempted: aaa
Last user attempted: adm
Last user attempted: admin
Last user attempted: admin1
Last user attempted: administrator
Last user attempted: manager
Last user attempted: qwerty
Last user attempted: root
Last user attempted: support
Last user attempted: test
Last user attempted: user”
As an SEO agency in London, we always highly recommend WordPress as an easy-to-use, SEO-friendly CMS. We strongly advise anyone running a WordPress website to change their username from any of the above to something more distinctive. A strong password is always the first step to a more secure site, so make sure you use a combination of both letters and non-consecutive numbers in your password.
On a final note, make sure you do not keep a list of all of your usernames and passwords in an easily accessible place (e.g. email accounts); hacking is becoming a widespread problem, so don’t give hackers an easy ride.
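Mullenweg’s point about IP-based throttling and the username list quoted above can both be checked against your own failed-login records. The following is an added example, not code from WordPress or from either quoted post; the log format, the thresholds and the sample data are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Usernames from the list quoted above.
TARGETED = {"aaa", "adm", "admin", "admin1", "administrator", "manager",
            "qwerty", "root", "support", "test", "user"}

# Hypothetical log format (an assumption, not WordPress's own):
#   <timestamp> login_failed user=<name> ip=<address>
LINE = re.compile(r"^(\S+) login_failed user=(\S+) ip=(\S+)$")

def build_sample():
    """Constructed data: 30 bot IPs, one guess each, plus a real user mistyping twice."""
    names = sorted(TARGETED)
    lines = [f"2013-04-12T10:00:{i:02d} login_failed user={names[i % 3 + 1]} "
             f"ip=198.51.100.{i + 1}" for i in range(30)]
    lines += ["2013-04-12T10:01:00 login_failed user=alice ip=203.0.113.7"] * 2
    return lines

def parse(lines):
    """Return (user, ip) pairs; lines that do not match the format are skipped."""
    return [(m.group(2).lower(), m.group(3))
            for m in map(LINE.match, lines) if m]

def ips_over_limit(events, limit):
    """What a per-IP throttle sees: addresses with more than `limit` failures."""
    per_ip = Counter(ip for _, ip in events)
    return {ip for ip, n in per_ip.items() if n > limit}

def sprayed_accounts(events, min_ips):
    """Accounts with failures from at least `min_ips` distinct addresses."""
    sources = defaultdict(set)
    for user, ip in events:
        sources[user].add(ip)
    return {u: len(s) for u, s in sources.items() if len(s) >= min_ips}

def report(lines, ip_limit=3, min_ips=5):
    events = parse(lines)
    sprayed = sprayed_accounts(events, min_ips)
    return {
        "throttled_ips": ips_over_limit(events, ip_limit),
        "sprayed_accounts": sprayed,
        "default_names_hit": sorted(set(sprayed) & TARGETED),
    }

if __name__ == "__main__":
    print(report(build_sample()))
```

On the constructed sample, no single address crosses the per-IP limit, while counting distinct source addresses per account shows which default usernames are under distributed guessing and should be renamed first.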