Wordpress website targeted by hackers

40 replies
BBC News - Source

Wordpress has been attacked by a botnet of "tens of thousands" of individual computers since last week, according to server hosters Cloudflare and Hostgator.

The botnet targets Wordpress users with the username "admin", trying thousands of possible passwords.

The attack began a week after Wordpress beefed up its security with an optional two-step authentication log-in option.

The site currently powers 64m websites read by 371m people each month.

According to survey website W3Techs, around 17% of the world's websites are powered by Wordpress.

"Here's what I would recommend: If you still use 'admin' as a username on your blog, change it, use a strong password," wrote Wordpress founder Matt Mullenweg on his blog.

He also advised adopting two-step authentication, which involves a personalised "secret number" allocated to users in addition to a username and password, and ensuring that the latest version of Wordpress is installed.

"Most other advice isn't great - supposedly this botnet has more than 90,000 IP addresses, so an IP-limiting or login-throttling plugin isn't going to be great (they could try from a different IP [address] a second for 24 hours)," Mr Mullenweg added.

Matthew Prince, chief executive and co-founder of Cloudflare, said that the aim of the attack might have been to build a stronger botnet.

"One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack," he wrote in a blog post.

"These larger machines can cause much more damage in DDoS [Distributed Denial of Service] attacks because the servers have large network connections and are capable of generating significant amounts of traffic," he added.

Hi-tech crime terms

Bot - one of the individual computers in a botnet; bots are also called drones or zombies.

Botnet - a network of hijacked home computers, typically controlled by a criminal gang.

Malware - an abbreviation for malicious software ie a virus, trojan or worm that infects a PC.

DDoS (Distributed Denial of Service) - an attack that knocks out a computer by overwhelming it with data; thousands of PCs can take part, hence the "distributed".

Drive-by download - a virus or trojan that starts to install as soon as a user visits a particular website.

IP address - the numerical identifier every machine connected to the net needs to ensure data goes to the right place.
#hackers #targeted #website #wordpress
  • Profile picture of the author edpudol1973
    That's really alarming... I am using admin as my user name to all my wordpress blog. Hope wordpress will release immediate fix.
    {{ DiscussionBoard.errors[7979202].message }}
    • Profile picture of the author gromine
      That is alarming, thanks for the heads up!
      Signature
      {{ DiscussionBoard.errors[7979224].message }}
    • Profile picture of the author David Keith
      Originally Posted by edpudol1973 View Post

      That's really alarming... I am using admin as my user name to all my wordpress blog. Hope wordpress will release immediate fix.
      There is no simple/easy fix...this is a brute force attack to get control of servers with super highspeed connections to the internet.

      most botnets work by infiltrating normal home computers with relatively slow connections to be able to enhance their reach with.

      But servers are connected to connections hundreds or more times the speeds of home networks.

      these same servers are then used to either attack other computers in the same way or massive DDOS attacks that are much more powerful than most traditional ddos.

      several major hosts have already had computers in their network used in DDOS on major USA interests including banks and such.
      {{ DiscussionBoard.errors[7979237].message }}
    • Profile picture of the author RobinInTexas
      The botnet attacks are best dealt with at the server level. It you are on a dedicated server or VPS you can take steps (not for the faint at heart tho) to mitigate the DDOS bots. See Fail2Ban


      For any wordpress installation, Wordfence is as far as I am concerned the ultimate defense. It has several settings that need to be adjusted for best protection, although the defaults are almost good enough.

      The best thing we can do is secure passwords. you can take something easy to remember, add a twist only known to you and have one virtually impossible to crack. My favorite is dog

      But you have to personalize how you write "dog" when you use it for your password.
      one solution is
      D0g.....................
      Upper case D
      0 for o
      lower case g
      add 21 periods
      and according to How Secure Is My Password?
      It would take a desktop PC about
      50 octillion years to crack it.
      That is the time for a pc to crack crack it locally trying millions of passwords per second, an online brute force attempt is probably not capable of more than several hundred attempts per second.
      Pick your own word, your own substitution and your own padding character and the length of the password. I'd suggest a total length around 10-14 characters, as some places don't let you use longer passwords.
      You could even use the site name for a password.
      facebook could become
      Face++++++++book
      Citibank could become
      Citi++++++++bank
      you would be using the same password everywhere, sort of.
      How Secure Is My Password?
      How Secure Is My Password?

      Create a new user with a name other than admin, then log out and back in as the new user delete the user named admin.

      If you go to one of my sites it would take you a century or so just to come up with the admin user login name I use which is somewhere between 8 and 11 random characters and looks something like this "x525t2o2rr8"
      the actual password is also longer and includes symbols.
      Just for grins on some blogs I use a display name of Admin. An IP will have 1 chance to attempt a password before being locked out for 60 days by Wordfence options:
      which include
      1. Immediately lock out invalid usernames (if admin is gone, 1 try locks the IP out)
      2. Don't let WordPress reveal valid users in login errors

      Impossible for an online brute force attack to crack the site.

      https://www.grc.com/haystack.htm

      You can further use .htaccess to block all but your IP from the wp-admin files.
      Signature

      Robin



      ...Even if you're on the right track, you'll get run over if you just set there.
      {{ DiscussionBoard.errors[7979259].message }}
  • Profile picture of the author KuhNoodle
    Dang, I had people tell me things about this and I thought it was all speculation and hype. Well at least the good thing is that now I know for sure. But changing username and passwords for hundreds of blogs is going to take forever. I better go hire someone off DP to do it for $5.00 or better yet someone off fiverr.

    Thanks Hack
    Signature
    ----------------------------------



    Make $5.00 A Day With A Blog <-- Click Here

    {{ DiscussionBoard.errors[7979228].message }}
  • Profile picture of the author WillR
    It's funny that people wait until this stuff is in the news before they do anything about it. Wordpress security and hacking has been an issue for a very LONG time. Some people just don't tend to believe this stuff unless they read it inside a newspaper or see it on the news.
    {{ DiscussionBoard.errors[7979240].message }}
  • Profile picture of the author David Keith
    Very true Will, but this isnt the normal hacking stuff. This is pretty damn sophisticated stuff.

    I have many connections in the hosting industry and they are scrambling right now. This is hardcore stuff involving government lvl security help to some major hosting companies and data centers....and not just USA government.
    {{ DiscussionBoard.errors[7979250].message }}
  • Profile picture of the author Shaolinsteve
    I've used admin for several sites but recently changed those a few weeks back. They do have some plugins I came across that allow you to hide the wp-login page and provide you with a different address to access the login, but either way just make something secure.

    This is a good reminder for those who are not aware of this matter for sure. Some people will only take action once it's happened to them but to be on the safe side, is it worth the risk?
    {{ DiscussionBoard.errors[7979251].message }}
    • Profile picture of the author dougp
      Having a secured computer is one of the first defenses webmasters should take. If a hacker is able to gain entry to your computer and access your unencrypted text or doc file that contains your sensitive passwords then all bets are off. Also, its crazy how so many webmasters use admin as their username and keep their wordpress login the same, for example yourwordpressblog/wp-admin. Change it and educate yourself about web security. You may think "oh my website is not popular so a hacker wouldn't waste their time hacking it", this is simply naive thinking.
      {{ DiscussionBoard.errors[7979281].message }}
  • Profile picture of the author David Keith
    Robin, your advice on passwords is very good advice.

    But a brute force attack doesnt even have to be successful (geting passwords) at all to shutdown a site/server.

    However, the fact that this botnet now currently has control of a fair numbers of servers with blazing connection speeds is very problematic. This essentially allows them to brute force attack others...much faster. Currently faster than they are being shutdown.

    Hosts are currently playing whack-a-mole with these guys. A few fairly minor hosts have actually taken WP sites down from their network.

    Some major hosts are talking about taking any WP site with "admin" as the username offline as a proactive measure to slow the bot and deny them access to their servers.
    {{ DiscussionBoard.errors[7979283].message }}
    • Profile picture of the author Paul Myers
      David,
      There is no simple/easy fix...this is a brute force attack to get control of servers with super highspeed connections to the internet.
      The most reliable source I have for data on this says that roughly 50% of the spam that hits his traps now comes from infected Linux servers.

      Considering the recency of this trend, that is a genuinely disturbing number. They're going from a lot of pea-shooters to a smaller (but rapidly growing) army of cannons.

      As you mention, it's pretty advanced stuff. Shared hosting seems especially vulnerable. One weak site on a server can allow these folks to get into everything, it seems. All the power of a dedicated machine, but with sometimes hundreds of IPs ready at hand.

      You have to wonder... how much of this is the RBN, or similar criminal groups, and how much is state-sponsored infiltration?


      Paul
      Signature
      .
      Stop by Paul's Pub - my little hangout on Facebook.

      {{ DiscussionBoard.errors[7979368].message }}
  • Profile picture of the author GuruGuna
    Over the last couple of weeks my site hosted on Hostgator has been under attack. BAsically was accessing my wp-login.php page thousands of times. I found out when my bandwidth ran out!!! Hostgator said everything is fine...

    only yesterday I managed to narrow down the servers that are pinging me and I blocked them using the .htaccess file (all IPs from China). I got help from this URL - Block Chinese and Korean IP Addresses From Apache Based Servers with .htaccess Blocklist

    Hopefully for the time being, I am safe!
    {{ DiscussionBoard.errors[7979332].message }}
  • Profile picture of the author WillR
    I was given instructions by someone recently whereby I added an MD5 password htaccess file to the root of my server and it locks all wp-login.php pages on my server. So now any of those Wordpress login pages anyone tries to access on my server first comes up with a username and password box I need to enter just to display the login page. Then I need to login to Wordpress as usual.

    Is this a wise move on my part? I'm no security expert...
    {{ DiscussionBoard.errors[7979401].message }}
    • Profile picture of the author David Keith
      Originally Posted by WillR View Post

      I was given instructions by someone recently whereby I added an MD5 password htaccess file to the root of my server and it locks all wp-login.php pages on my server. So now any of those Wordpress login pages anyone tries to access on my server first comes up with a password box I need to enter just to display the login page. Then I need to login to Wordpress as usual.

      Is this a wise move on my part? I'm no security expert...
      Will, i am not security expert either. Although i have a more than working knowledge on the subject.

      If it prevents people/computers from getting to the WP login, that is going to do nothing but help. It will help you prevent losing control of the server, however it likely won't do much to prevent or manage a brute force DDOS attack that could render your server useless for a period of time.

      Basically, this is kinda like locking your car door. People can still steal it, but why bother when the car next to yours is unlocked with the keys in it? Essentially, the bot is very likely to move on from your server quickly and on to easier targets.

      What needs to happen is we need to quit losing servers to this bot. We can handle DDOS attacks fairly well, but this thing is popping up on different IP's within seconds because they are continually gaining access to more servers.

      Thats why the connection speed thing is so important. It makes it virtually impossible to get ahead of without taking drastic action like i mentioned above. Or without just letting it "run its course" so to speak until all infect servers are blocked...thats a really bad option BTW.
      {{ DiscussionBoard.errors[7979430].message }}
      • Profile picture of the author WillR
        Originally Posted by David Keith View Post

        Will, i am not security expert either. Although i have a more than working knowledge on the subject.

        If it prevents people/computers from getting to the WP login, that is going to do nothing but help. It will help you prevent losing control of the server, however it likely won't do much to prevent or manage a brute force DDOS attack that could render your server useless for a period of time.

        Basically, this is kinda like locking your car door. People can still steal it, but why bother when the car next to yours is unlocked with the keys in it? Essentially, the bot is very likely to move on from your server quickly and on to easier targets.

        What needs to happen is we need to quit losing servers to this bot. We can handle DDOS attacks fairly well, but this thing is popping up on different IP's within seconds because they are continually gaining access to more servers.

        Thats why the connection speed thing is so important. It makes it virtually impossible to get ahead of without taking drastic action like i mentioned above. Or without just letting it "run its course" so to speak until all infect servers are blocked...thats a really bad option BTW.
        Yeah, what a bunch of tossers these people are.

        I've locked all wp-login pages using the method I mentioned above.

        I never use admin as my username and I have very strong passwords.

        I'm on my own dedicated server.

        I backup all of my Wordpress installs every few days.

        What more can a man do?

        I feel like being the guy in the movie Twister that stands right in front of the tornado, raises his hands in the air, and says... "come and get me!"
        {{ DiscussionBoard.errors[7979451].message }}
  • Profile picture of the author David Keith
    From what i have seen on this there is no doubt it is a major organization of some sort. I was in meetings with a major hosting company yesterday regarding this stuff. There was pretty much every "suit and tie" USA law enforcement represented there.
    {{ DiscussionBoard.errors[7979406].message }}
    • Profile picture of the author Paul Myers
      David,
      From what i have seen on this there is no doubt it is a major organization of some sort.
      I'm not sure which would worry me more. That it was the RBN or some government.

      It's certain the Russian gangs are involved in this kind of activity. Whether this particular one is part of that... who knows?

      The Chinese curse has come true.


      Paul
      Signature
      .
      Stop by Paul's Pub - my little hangout on Facebook.

      {{ DiscussionBoard.errors[7979440].message }}
  • Profile picture of the author arranrice
    My wordpress site had an hack attempt!

    The entire site slowed down and each page took 2 minutes+ to load. At some times the site was down completely. Now I have a very strong 30+ letter password.
    {{ DiscussionBoard.errors[7979414].message }}
  • Profile picture of the author RedShifted
    Well my site blocks people from logging in after 5 failed attempts.
    So they can use as many IP's as they want, they're not guessing the password within 5 tries. I don't think they'd get my passwords after 5 billion tries tbo. Considering that I use 30+ random character passwords.

    I'm not saying they're safe from a truely determined hacker, but it wouldn't be worth the effort imo.

    -Red
    {{ DiscussionBoard.errors[7979445].message }}
    • Profile picture of the author WillR
      Originally Posted by RedShifted View Post

      Well my site blocks people from logging in after 5 failed attempts.
      From what I understand this stops people getting in but doesn't stop them trying... and it's the trying part that knocks your server down to it's knees?

      Best if they can't get to or find your login pages in the first place.
      {{ DiscussionBoard.errors[7979458].message }}
      • Profile picture of the author JohnTheJock
        Hi Will,

        All my GoDaddy sites are down just now, maybe that's the reason. I've just become aware of this attack.
        {{ DiscussionBoard.errors[7979554].message }}
  • {{ DiscussionBoard.errors[7979467].message }}
  • Profile picture of the author RedShifted
    @WillR - Yes, but if you put yourself in the mind of a hacker.... what hacker really wants that? Unless its the CIA website or something.

    I think in most cases, a hacker wouldn't even want you to know they were there. So I'd say for most people, that greatly minimizes the chances of a hacker taking down your servers. Or maybe not, I really don't know how a hacker thinks.
    {{ DiscussionBoard.errors[7979473].message }}
    • Profile picture of the author WillR
      Originally Posted by RedShifted View Post

      @WillR - Yes, but if you put yourself in the mind of a hacker.... what hacker really wants that? Unless its the CIA website or something.
      I'll be the first to admit I know absolutely nothing about hacking (gee, my mum would be so proud).

      But as far as I know, it's not some guy sitting in his basement trying to guess your password 1 million times. "Hmm, what could it be... 12345? Nope, that didn't work, um, let me see, maybe 12346? Nope, that didn't work." (I bet there are actually some hackers who operate like this over a pot of coffee... lol)

      They are bots (machines) that sit there and eat away at your server resources as they try and get in and attack your Wordpress install. I guess it's like trying to break into a house. If they walk up to a brick wall and it has a window on it, they will try some way to get through that window. But if they walk up to that same brick wall and there is no window (no way in) they go elsewhere. So long as you leave the window there they will think there is some way in?
      {{ DiscussionBoard.errors[7979516].message }}
  • Profile picture of the author David Keith
    yeah Paul,

    Most here are worried about their site/downtime and such. I get that, but those suit and tie guys in the meeting i was in yesterday were not there to protect the sites me and you own Paul.

    The compromised servers are being used to attack some very vital targets that could affect a huge percentage of the population.
    {{ DiscussionBoard.errors[7979476].message }}
    • Profile picture of the author Paul Myers
      David,

      I hear you. The threat to the power grid alone is huge, and we pretty much know where that comes from. China.

      I don't think many people realize just how much critical infrastructure is tied in to the net. Water supplies, gas pipelines, stocks, the ATM networks... Not to mention police, fire, and other emergency systems.

      All they'd have to do to create havoc would be to take down the 911 system in a major city on a hot day, and all hell would break loose within a few hours. Tie that in with shutting down the water supply system...


      Paul
      Signature
      .
      Stop by Paul's Pub - my little hangout on Facebook.

      {{ DiscussionBoard.errors[7979523].message }}
  • Profile picture of the author David Keith
    @will, yes, that is exactly right...trying to get in can/will knock your server offline. However preventing the bot from getting access to your server is the key thing. Essentially you will survive a little downtime, but if they get access to the server the bot grows in power.

    The part that is making this tough to fight is that in a normal DDOS attack, you just block the attacking ips. There may be a lot, but it is usually limited and they are not getting more new ones all the time.

    Thats the problem with this attack. They are getting access to new ip's every second basically. So if you block the brute force attack from your server by blocking ip's they can hit you 2 minutes later with a whole new set of ip's.

    So basically from that perspective all of us are just reactive...including the major hosts.
    {{ DiscussionBoard.errors[7979507].message }}
  • Profile picture of the author Vikky B
    Great post thanks! I was looking through my slim stat counter on my WordPress website last week, and saw a lot of traffic directed to my wp-admin page. I could see that someone was trying to hack into my site so I changed my username from the usual 'admin' to something a lot more complex, and changed my password completely to a hard one to crack. Was pretty nervous for a while about losing my site but glad I caught on it early.
    {{ DiscussionBoard.errors[7979540].message }}
  • Profile picture of the author David Keith
    I should be clear, we dont seem to be anywhere near any of the "shit hit the fan" type of stuff. Even the attacks on banks from compromised servers have been handled pretty seemless at this point.

    We are kinda locked into being reactive right now, but we are actually pretty good at that. It is not as if this thing is completely running over us. And yes, there are some drastic measures that can be taken if things were to take a turn for the worse so to speak. I mentioned one earlier.

    The major point is that something as simple as leaving "admin" as your wp username can actually have some very serious consequences for our civilized life.

    Also, this is way bigger than a little downtime for us web guys.
    {{ DiscussionBoard.errors[7979545].message }}
    • Profile picture of the author Paul Myers
      I should be clear, we dont seem to be anywhere near any of the "shit hit the fan" type of stuff.
      That we know of.

      You know as well as any of us, I would think, just how quickly these accesses can be turned to some unexpected channel.


      Paul
      Signature
      .
      Stop by Paul's Pub - my little hangout on Facebook.

      {{ DiscussionBoard.errors[7979570].message }}
      • Profile picture of the author David Keith
        Originally Posted by Paul Myers View Post

        That we know of.

        You know as well as any of us, I would think, just how quickly these accesses can be turned to some unexpected channel.


        Paul
        Very true. although, I already know of several contingency plans. And i am sure i don't know of many more that are outside of my pay grade...lol

        The first and most obvious is just making WP go away for a bit. The necessary tools to do that very quickly and efficiently have already been created and are at the datacenter lvl. But that is a pretty drastic move.

        The full on infrastructure seems a very long ways from being significantly compromised unless this gets exponentially more sophisticated than it is...like full on military type stuff. I really dont see this going there.
        {{ DiscussionBoard.errors[7979623].message }}
  • Profile picture of the author neojits
    One of my friends website hacked too, they upload a hidden phishing plugin too, update your site with latest wp& plugins
    {{ DiscussionBoard.errors[7979556].message }}
  • Profile picture of the author yukon
    Banned
    The majority of (hacked) links placed on unsuspecting sites aren't actually hacks, they're base64 links added to free themes/plugins.

    It's far easier to hide base64 links in the theme/plugin code than cracking an Admin. password.

    I seriously doubt most people placing hidden links sit there running bots, they let the clueless webmaster download free themes/plugins & install the base64 hidden links on their own.

    How to check your site for base64 links
    Signature
    Hi
    {{ DiscussionBoard.errors[7979589].message }}
    • Profile picture of the author dougp
      Originally Posted by yukon View Post

      The majority of (hacked) links placed on unsuspecting sites aren't actually hacks, they're base64 links added to free themes/plugins.

      It's far easier to hide base64 links in the theme/plugin code than it is to crack an Admin. password.

      I seriously doubt most people placing hidden links sit there running bots, they let the clueless webmaster download free themes/plugins & install the base64 hidden links on their own.

      How to check your site for base64 links
      Thats one of the downfalls with opensource technologies. Every time you download a free plugin or theme, you could be exposing your site to security threats.
      {{ DiscussionBoard.errors[7979618].message }}
      • Profile picture of the author yukon
        Banned
        Originally Posted by dougp View Post

        Thats one of the downfalls with opensource technologies. Every time you download a free plugin or theme, you could be exposing your site to security threats.
        True, If a person doesn't know they should check the free themes/plugins on their own. It's the webmasters responsibility to make sure these things are legit before placing the themes/plugins on their own site.

        I can download, scan, & upload a theme in probably 5min. or less (link in my post above) with Notepad++. It's not like it takes a lot of work to verify the legitimacy of a theme/plugin, it's just that people don't know they should check, or how to check.

        Link spammers look for the easiest way into a site, which is the word free (free theme, free plugin).

        From what I've seen the problem is almost never the theme/plugin author, the problem is link spammers downloading the original free theme/plugin, adding base64 links, then making the hacked theme/plugin available for free download to unsuspecting webmasters.
        Signature
        Hi
        {{ DiscussionBoard.errors[7979659].message }}
        • Profile picture of the author RobinInTexas
          Originally Posted by yukon View Post

          True, If a person doesn't know they should check the free themes/plugins on their own. It's the webmasters responsibility to make sure these things are legit before placing the themes/plugins on their own site.

          I can download, scan, & upload a theme in probably 5min. or less (link in my post above) with Notepad++. It's not like it takes a lot of work to verify the legitimacy of a theme/plugin, it's just that people don't know they should check, or how to check.

          Link spammers look for the easiest way into a site, which is the word free (free theme, free plugin).

          From what I've seen the problem is almost never the theme/plugin author, the problem is link spammers downloading the original free theme/plugin, adding base64 links, then making the hacked theme/plugin available for free download to unsuspecting webmasters.
          Free themes and plugins are generally fine, perhaps better than paid ones, just not the ones that you download from a website. The ones on Wordpress.org have been vetted and you can be reasonably assured that there are no unpleasant surprises, the main thing you need to look out for is to see that the author is keeping up with Wordpress. When an author stops maintaining a plugin, it's time to replace it.

          An example I recently ran into was
          WordPress › Support » Tweet Old Post
          Which seems to be having problems due to changes in wordpress or twitter or both, doesn't matter.
          But in following the support questions I found a replacement for it
          WordPress › Tweetily - Tweet Your Posts Automatically! « WordPress Plugins
          As can be seen here the author is keeping up with the plugin.
          Signature

          Robin



          ...Even if you're on the right track, you'll get run over if you just set there.
          {{ DiscussionBoard.errors[7982813].message }}
  • Profile picture of the author RedShifted
    Originally Posted by WillR View Post

    I'll be the first to admit I know absolutely nothing about hacking (gee, my mum would be so proud).

    But as far as I know, it's not some guy sitting in his basement trying to guess your password 1 million times. "Hmm, what could it be... 12345? Nope, that didn't work, um, let me see, maybe 12346? Nope, that didn't work." (I bet there are actually some hackers who operate like this over a pot of coffee... lol)

    They are bots (machines) that sit there and eat away at your server resources as they try and get in and attack your Wordpress install. I guess it's like trying to break into a house. If they walk up to a brick wall and it has a window on it, they will try some way to get through that window. But if they walk up to that same brick wall and there is no window (no way in) they go elsewhere. So long as you leave the window there they will think there is some way in?
    I agree. I don't know a lot about hacking either. All I can say is a few years ago I bought a brute force bot from a "hacker" online. The guy had a great reputation (he sold these bots on ebay - no joke) and I was merely curious to see what the bots did (I need to say, I had no intention then, or now to become a hacker - I just wanted a taste of how much intelligence was required).

    I had the program running for about 3 days straight before I shut it down and failed to get the password (this was not for a WP site, just a small program I was trying to crack). Then I started reading on hacking forums and realized there's a lot more involved than just running a bot. Although the bot does a lot of work for you, it is still very difficult just to use it, and I would imagine that you need more patience than 99.9% of the population has, to be a successful hacker. That was the 1 thing I learned from that experience. It requires a type of determination that most people don't have.

    I realize there are some genius hackers out there, who can essentially do anything they want. I just think its important to keep in mind that there are human beings behind these bots. Human beings who require a level of intelligence that makes rocket science look like basic algebra.

    -Red
    {{ DiscussionBoard.errors[7979625].message }}
  • Profile picture of the author raydp
    I've received some helpful emails from some Warriors about this and have taken action to secure my sites.

    I did, however, receive one from an opportunist who whilst speaking of the dangers then went on to say she has a WSO coming out on the 18th that will secure WP sites. As if I'm stupid enough to wait, content in the knowledge that all will be well come Thursday!

    Before someone says it, yeah, I know that's marketing. There are limits though.

    That's another one unsubscribed from.

    Ray
    Signature

    {{ DiscussionBoard.errors[7979805].message }}
    • Hi Guys and Gals,

      It seems sites with the User Name of 'admin' are the ones at risk. So here's a video that shows a simple way to reset the User Name, without getting technical ...

      http://youtu.be/o6S1UrQf9-g

      Warmest regards,

      Paul
      Signature
      If you want to learn the dark arts of copywriting to increase sales or set up a prestige business
      as a copywriter then click here. Or if you want it all done for you then click here.
      {{ DiscussionBoard.errors[7979981].message }}
  • Profile picture of the author chasnsx
    I just checked my biggest site, and the Bad Behavior plugin has blocked more than 500 access attempts in the past week.

    I am not too worried, though. This site was hacked in December of 2011, and I spent a month rebuilding it from the ground up, starting with all the security features I wanted -- including a very heavily customized .htaccess file.
    {{ DiscussionBoard.errors[7980161].message }}

Trending Topics