According to HostGator and Cloudflare, WordPress-powered websites across the globe are being targeted by a botnet made up of tens of thousands of compromised personal computers.
The attack specifically targets installations that still have an account with the username ‘admin’ and tries thousands of candidate passwords against it. The botnet can hit the same server from up to 90,000 different IP addresses, so the usual login-lockout plugins, which block a source address after a few failed attempts, are not effective: each address only needs to make a handful of attempts before the next one takes over.
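The following is an added example, not code from the original post, showing why a per-IP lockout misses this attack and what a detector keyed on the target site sees instead. It parses web-server access logs in the common Apache/nginx "combined" format and treats a `POST /wp-login.php` that returns HTTP 200 (the form re-rendered with an error) as a failed login, while a 302 redirect is a success. The log lines, IP addresses, hostnames and thresholds are constructed for the example and are not from the page.

```python
"""Detect a distributed wp-login.php brute force in access logs.

Per-IP lockouts (block after N failures from one address) never fire when
each bot only makes a couple of attempts, so this detector also counts
failed logins against the site as a whole inside a sliding time window.
"""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

PER_IP_THRESHOLD = 5      # typical "login lockdown" plugin setting (assumed)
PER_SITE_THRESHOLD = 20   # failed logins per window, any source (assumed)
WINDOW = timedelta(minutes=1)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def is_failed_login(rec):
    """A failed wp-login.php POST re-renders the form (200); success redirects (302)."""
    return (rec["method"] == "POST"
            and rec["path"].startswith("/wp-login.php")
            and rec["status"] == 200)


def peak_window(failures, window=WINDOW):
    """Largest number of failed logins, from any source, inside one sliding window."""
    times = sorted(r["ts"] for r in failures)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def analyse(lines):
    """Apply both rules and report what each one would have caught."""
    failures = [r for r in map(parse_line, lines) if r and is_failed_login(r)]
    per_ip = Counter(r["ip"] for r in failures)
    peak = peak_window(failures)
    return {
        "failed_logins": len(failures),
        "distinct_ips": len(per_ip),
        # addresses a per-IP lockout would block: none if every bot stays below N
        "per_ip_blocks": sorted(ip for ip, n in per_ip.items() if n >= PER_IP_THRESHOLD),
        "peak_window_failures": peak,
        "site_alert": peak >= PER_SITE_THRESHOLD,
    }


def make_line(ip, ts, status, method="POST", path="/wp-login.php"):
    """Build one constructed log line (example data only, not a real capture)."""
    return (f'{ip} - - [{ts.strftime(TS_FMT)}] "{method} {path} HTTP/1.1" {status} 2345 '
            f'"http://example.com/wp-login.php" "Mozilla/5.0"')


# Constructed sample: 12 bots in the TEST-NET-2 range, two attempts each,
# all inside one minute, plus one real login and one ordinary page view.
BASE = datetime(2013, 4, 12, 10, 0, 0, tzinfo=timezone.utc)
SAMPLE_LOG = []
for i in range(12):
    bot = f"198.51.100.{i + 1}"
    SAMPLE_LOG.append(make_line(bot, BASE + timedelta(seconds=2 * i), 200))
    SAMPLE_LOG.append(make_line(bot, BASE + timedelta(seconds=2 * i + 30), 200))
SAMPLE_LOG.append(make_line("203.0.113.7", BASE + timedelta(seconds=45), 302))
SAMPLE_LOG.append(make_line("203.0.113.8", BASE + timedelta(seconds=50), 200, "GET", "/"))

if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the constructed sample the per-IP rule blocks nothing, because no single address reaches five failures, while the site-wide window sees 24 failed logins from 12 addresses in under a minute and raises an alert. The same idea applies to a lockout keyed on the target account rather than the source address, which is how a distributed attack against a single ‘admin’ user can still be throttled.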
It is believed that the aim of the attack is to build a bigger, more powerful botnet for future use. The current botnet consists mainly of compromised home PCs, which have limited processing power and limited upstream bandwidth, whereas a botnet of high-powered servers sitting on fast data-centre connections would give its controllers far more capacity.
Any installation with an ‘admin’ account should get rid of that username immediately and be updated to the latest WordPress version. Note that WordPress does not let you rename an existing user: create a new account with the Administrator role, log in as that account, then delete ‘admin’ and attribute its posts to the new user when prompted. Give the administrator account a very strong password; WordPress includes a password generator that produces passwords far stronger than most people are accustomed to using, and with the username no longer guessable the attacker has to find both halves of the credential.
Installing a security plugin or host-level tool that independently monitors the server for changed files (file integrity monitoring) is also highly recommended, so that a compromised account that is used to modify or add files is noticed quickly.
All the WordPress installations that we run are fully maintained, so they are kept up to the latest version and they all run a firewall to protect against this type of attack. Having used WordPress for over 4 years for many and various sites, we have learned the hard way that security is a key consideration when it comes to your web site.