Websites using the WordPress content management system have been under a huge botnet attack for the last couple of days, as hackers attempt to compromise thousands of webservers.
WordPress is the open source content management system used by around 17% of websites on the internet including this one, and is regularly updated to make sure it is secure. There was a large scale attack a couple of years ago on the popular timthumb plugin used by many WordPress sites, but this attack is different in that hackers are attempting to use “brute force” to crack administrator passwords on WordPress installs around the web.
A brute force attack is when a hacker tries to “guess” the password for an account by attempting thousands of password combinations in a very short space of time by using dictionary words and a common password list. In this case, the hackers have a huge botnet made up of around 90,000 infected computers around the world, meaning that simple IP-blocking does not work to prevent the hackers from trying thousands of password options.
Currently the infected computers are mostly just unprotected home PCs of users that have been hacked in the past and infected with malware, but the fear is that this is simply preparation for a future attack using more advanced servers and hardware to much more rapidly compromise websites. Once the hackers have compromised a website in this attack, they may install malicious software on that server in order to make it part of the future attack.
How Can You Protect Your Site?
If you run a WordPress-based website or blog there are a few steps that you should take to reduce the risk of your site being compromised:
- Change the administrator account username from “admin” to something different
- Make sure you are using a secure password that is at least 8 characters long and includes “special characters” such as £$%&*()
- Install a plugin that limits the login attempts per IP/session like Limit Login Attempts
- Sign up for a free account from CloudFlare to protect your site through their cloud infrastructure
- If your blog is on WordPress.com then turn on “two-factor authentication”
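To show what the login-limiting step above does and why it is not enough on its own against a 90,000-host botnet, here is an added example (not from the original post) that parses constructed Apache-style access-log lines, applies a Limit-Login-Attempts-style per-IP sliding-window rule to POSTs against wp-login.php, and separately counts how many distinct sources are hitting the login page at once. The log lines, IP addresses and thresholds are all assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in Apache combined log format (not real traffic): one source
# hammering wp-login.php, plus single attempts from several sources, as a botnet would send.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Apr/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Apr/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Apr/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Apr/2013:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Apr/2013:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
198.51.100.8 - - [12/Apr/2013:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Apr/2013:10:00:09 +0000] "GET /2013/04/post/ HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
192.0.2.11 - - [12/Apr/2013:10:00:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_login_posts(text):
    """Return (timestamp, ip) for every POST to /wp-login.php, oldest first."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, path, _status = m.groups()
        if method == "POST" and path.split("?")[0] == "/wp-login.php":
            events.append((datetime.strptime(ts, TIME_FMT), ip))
    return sorted(events)

def per_ip_offenders(events, max_attempts=3, window_s=60):
    """Per-IP rule (what a login-limiting plugin enforces): IPs exceeding max_attempts
    POSTs inside a sliding window of window_s seconds."""
    offenders, by_ip = set(), defaultdict(list)
    for ts, ip in events:
        times = by_ip[ip]
        times.append(ts)
        while (ts - times[0]).total_seconds() > window_s:  # expire old attempts
            times.pop(0)
        if len(times) > max_attempts:
            offenders.add(ip)
    return offenders

def distributed_attempt_sources(events, window_s=60):
    """Largest number of distinct IPs posting to wp-login.php within one window.
    Each makes few attempts, so the per-IP rule never trips on them."""
    best = 0
    for i, (start, _) in enumerate(events):
        ips = {ip for ts, ip in events[i:] if (ts - start).total_seconds() <= window_s}
        best = max(best, len(ips))
    return best
```

The per-IP rule catches the single noisy source, while the three one-shot sources pass it untouched; a site-wide count of distinct login sources is the signal that a distributed attack is in progress, which is why hosts block the attack's request pattern rather than individual addresses.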
A number of web hosting companies such as HostGator, WebHostingBuzz, and others are taking precautions to protect their customers’ websites as well by limiting logins and patching their protection systems and firewalls to block the pattern of this attack. But following the protective steps above is always a good idea anyway.