Just recently, there has been a worldwide hacking on WordPress sites. The attack which was all over the internet news headlines, was briefly described as hackers aiming their botnet at WordPress sites with the intention of gaining access to the server. To explain further, the websites and blogs powered by WordPress has been hit by a brutal and immense network of compromised home PCs controlled by unscrupulous hackers. And the hackers are just beginning since experts believed that this is a preparation for a larger attack. This time, they will be using a larger botnet of servers. Should this happen in the future, this could cause a greater problem since servers have more network connections and can accommodate larger traffic.
How do the attackers get in your WordPress site?
A week after WordPress created a two-step authentication log-in option, WordPress attacks has increased drastically from an average of 50,000 a day in the beginning of April to around 1,000,000 by April 11th. The hackers execute their sneaky attack by injecting malware into the computer without the owner’s knowledge. They use the botnets to decipher the username and password combination, to which task, the botnets never give up trying.
There are two main factors that gave hackers leeway to their successful attacks. As mentioned previously, botnets are figuring out the WordPress site’s username and password. With the WordPress site’s default username as ‘admin’ which some owners doesn’t bother to change, hackers can easily surpass the first step to their attack. If combined with an easy to manage password, the WordPress site is already a give-away to a problematic attack. The epidemic should not be taken as WordPress’ weakness. WordPress is a secure content management system but if the account owner is negligent, attackers won’t have a hard time breaking in.
Simple yet effective suggestions that will lower your WordPress site’s risk
If you have a website or blog that is powered by WordPress, then it’s about time to take the necessary precautions. This statement may sound like a set of complicated steps coming but these are actually simple to implement. To start off, the username should be changed from the default ‘admin’. The attackers were believed to have also used a dictionary attack strategy which directed the move to find the password for ‘admin’ accounts. With this in mind, it follows that having a username that is more obscure can provide a good defense. Another obvious measure which most WordPress site owners fail to use is to use a strong password. Owners of WP.com account can also use the two-step authentication. It will also help a lot to use the latest WordPress version and ensure that the plugins are updated.
Taking these precautionary measures is important. But it is just as important to prepare for the worst, considering the recent occurrence of the widespread attack on WordPress sites. Backing up your website can take some or a part of your precious time but it will certainly be a life-saver should your WordPress site be compromised.
People liked WordPress for several reasons. It is fast to set up and easy to manage even with large amounts of content. It is also possible to add different functions with the increasing number of developers creating free plugins that WordPress site owners can take advantage of. But amidst these simplicities, it is important to be vigilant and take the necessary security measures. While the recent rampant WordPress site attacks may have already shaken some websites or blogs, let this be a forewarning to the fortunate ones who should fit in time to do a considerable amount of hacking prevention.