Massive Attacks on WordPress Sites

In the past couple of weeks, self-hosted WordPress sites all around the world have been under attack by ill-intentioned botnets. This is the largest recorded attack, and it is affecting all kinds of WordPress sites, from personal blogs to large enterprise properties. The good news is that, because of the preemptive measures we take, all of the sites we've built are safe from this recent attack. The bad news is that site performance and availability could still be affected by the sheer number of computers trying to access a site at once (similar to a "denial of service" attack).

So what exactly is a botnet, and what's happening with this massive WordPress hack? A botnet is basically a network of internet-connected computers or computer programs working together to complete a task. Some botnets are harmless and some are downright evil, as in the case of the WordPress attacks, where botnets are attempting to log in to administrator accounts and take over sites. Yikes. A hostile takeover is never a good thing. But here are a couple of ways you can put up a good first line of defense:

  1. Don't have a user account in your WordPress CMS with one of the usernames that botnets are targeting, such as "admin," "administrator," "root" or "test." Although WordPress suggests "admin" as the username for new sites, using it is not a good idea. If you happen to have one of these usernames, simply delete this account through your Users panel and create a new administrator account with a less obvious username.
  2. Use stronger passwords. Obviously the word "password" is not a strong password. Let's at least make these hackers work for it! Include capital letters and special characters, and try to make the password as long as you're allowed. Longer passwords take longer to crack under a brute-force attack.
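
A per-address lockout alone can miss a botnet, because each machine may try only a few logins. The following added example (not part of the original post) scans a web-server access log for failed WordPress logins per minute and flags both single-source and distributed bursts; the combined log format, the thresholds, the 200/302 status-code convention for `/wp-login.php` and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Combined-log prefix: client IP, timestamp, request line, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def failed_logins(log_text):
    """Yield (minute, ip) for each POST to wp-login.php answered with 200.

    Assumption: stock WordPress re-renders the login form with 200 on a
    failed login and redirects with 302 on success.
    """
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]
        if (m["method"] == "POST" and path.endswith("/wp-login.php")
                and m["status"] == "200"):
            yield m["ts"][:17], m["ip"]  # minute key "dd/Mon/yyyy:HH:MM"

def detect(log_text, per_ip_limit=5, site_limit=6):
    """Return (minute, kind, source_count, failures) alerts, one per minute."""
    per_minute = defaultdict(lambda: defaultdict(int))
    for minute, ip in failed_logins(log_text):
        per_minute[minute][ip] += 1
    alerts = []
    for minute, by_ip in sorted(per_minute.items()):
        total = sum(by_ip.values())
        if max(by_ip.values()) >= per_ip_limit:
            alerts.append((minute, "single-source", len(by_ip), total))
        elif total >= site_limit:
            # No single address is noisy, but the site as a whole is.
            alerts.append((minute, "distributed", len(by_ip), total))
    return alerts

def _line(ip, hms, method="POST", status=200):
    return (f'{ip} - - [01/Jan/2024:{hms} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample traffic (documentation-range addresses, not real logs).
SAMPLE_LOG = "\n".join(
    [_line(f"198.51.100.{i}", f"10:00:{i:02d}") for i in range(1, 9)]  # 8 hosts, 1 try each
    + [_line("203.0.113.9", f"10:01:{s:02d}") for s in range(5)]       # 1 host, 5 tries
    + [_line("192.0.2.10", "10:02:00", method="GET"),                  # login page view
       _line("192.0.2.10", "10:02:05", status=302)])                   # successful login

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

In the sample, the 10:00 minute trips only the site-wide threshold: eight addresses with one failure each would pass unnoticed under a per-address limit.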

There are additional methods to shore up your site against nefarious hits, some of which we employ as a standard part of our development process. Other, deeper measures to improve site security fall under the umbrella of our website maintenance and service plan, SiteSupport. Current Blue Marble clients: If you would like to find out more about how you can get SiteSupport for your site, or if you have questions about the recent botnet attack, call us at the office (+1 509.493.2487) or send an email to info@bluemarblecreative.net.