Using really lame passwords for your online accounts is dangerous, but unfortunately many Internet users still fall into the bad habit of using weak, easy-to-guess passwords for their accounts. They don’t learn to use stronger passwords that are more difficult to crack until they’ve learned the hard way by having their accounts hacked or compromised. Lately WordPress users may be receiving some of this tough “come up with a stronger password” love, as there’s a new WordPress attack that focuses on taking advantage of folks who use weak passwords.
The latest WordPress attack is using tens of thousands of infected users’ machines to attack WordPress sites. The attack commands infected users’ machines to go through a dictionary of common, possible passwords to try to log into accounts with the default username “Admin.”
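Because the guesses come from tens of thousands of machines, each address may only try a few passwords, so a per-address lockout alone can miss the attack. The sketch below is an added example, not part of the original article: it counts login POSTs across all sources in a time window. It assumes web server access logs in the common "combined" format and WordPress's standard `/wp-login.php` login path; the thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Start of a "combined"-format access log line: ip, timestamp, method, path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def build_sample():
    """Constructed log lines: 30 sources make 2 login attempts each, plus normal traffic."""
    lines = []
    for i in range(30):
        for s in (0, 20):
            lines.append(f'203.0.113.{i + 1} - - [12/Apr/2013:10:00:{i + s:02d} +0000] '
                         '"POST /wp-login.php HTTP/1.1" 200 3120')
    lines.append('192.0.2.10 - - [12/Apr/2013:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 512')
    lines.append('192.0.2.10 - - [12/Apr/2013:10:07:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0')
    return lines

def login_posts(lines):
    """Yield (timestamp, source_ip) for every POST to the WordPress login page."""
    for line in lines:
        m = LINE_RE.match(line)
        if m and m.group(3) == "POST" and m.group(4).split("?")[0].endswith("/wp-login.php"):
            yield datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"), m.group(1)

def detect(lines, window_s=300, per_ip_limit=5, total_limit=40, min_sources=10):
    """Flag windows where the site-wide login volume is high and spread over many sources.

    per_ip_limit models a typical per-address lockout rule, so the alert also shows
    how many sources that rule alone would have caught (illustrative thresholds).
    """
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, ip in login_posts(lines):
        buckets[int(ts.timestamp()) // window_s][ip] += 1
    alerts = []
    for start, per_ip in sorted(buckets.items()):
        total = sum(per_ip.values())
        if total >= total_limit and len(per_ip) >= min_sources:
            alerts.append({
                "window_start": start * window_s,
                "attempts": total,
                "sources": len(per_ip),
                "per_ip_rule_hits": sum(1 for n in per_ip.values() if n > per_ip_limit),
            })
    return alerts

if __name__ == "__main__":
    for alert in detect(build_sample()):
        print(alert)
```

On the constructed sample, the per-address rule catches no source at all, while the aggregate count flags the window.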
There are a few good ways to improve your security to avoid having your WordPress site commandeered by these attackers:
You need to have an administrator account so you can take care of all the various administrative functions on your blog, but it doesn’t have to have the name “Admin.” Once you create a second administrator account, you can delete the default “Admin” account.
A password is only as useful as it is strong and unique, and this attack shows exactly why. Make sure you use a strong password. If you need help coming up with one, check out our post giving 4 tips for creating secure passwords.
Having a second step in the authentication process will stop this attack cold. WordPress is now offering two-factor authentication, so implement it now if you haven’t already.
This incident shows pretty clearly that most folks don’t have much by way of security in place on their digital property. By making a few small adjustments, you can put yourself out of the realm of easy pickings, and thus avoid many attacks.