The more attractive a target, the more likely it is to get hacked. And what makes a more attractive target online than the #1 website hosting platform WordPress?
Don’t use obvious usernames and passwords — like “username” and “password” — for your blog.
For one thing, it’s just dumb. It makes it easier for anyone to make a guess and take your account for a spin. Or perhaps, as was the most recent case, you’ll get cracked by a big scary hacker attack.
That’s what’s up with a slew of blogs on Friday evening, as one or more hackers are using a “botnet” — basically a creepy name for a network of automated programs — to try and access WordPress-hosted sites by attacking the lowest common denominator: Sites that use “admin” as the login name, paired with a list of the most commonly used passwords.
The brunt of the attack began last week, according to Sean Valant of HostGator, an online hosting service for Web sites. After dying off for a bit, the attack picked back up again Thursday morning, and has received some attention from Web hosts and security companies around the net.
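What a botnet-driven guessing run like this looks like from the defender's side, as an added example (not from the original article): because the attempts come from many machines, counting failures per IP misses it, so the sketch below counts failed logins per minute across all sources. It assumes common-format access logs and WordPress's default behaviour of answering a bad login with a 200 and a good one with a 302 redirect; the sample lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in common log format, using documentation-range IPs.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:18:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
198.51.100.8 - - [01/Jan/2024:18:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
203.0.113.5 - - [01/Jan/2024:18:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
203.0.113.9 - - [01/Jan/2024:18:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
198.51.100.7 - - [01/Jan/2024:18:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
203.0.113.5 - - [01/Jan/2024:18:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
192.0.2.10 - - [01/Jan/2024:18:01:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2890
192.0.2.10 - - [01/Jan/2024:18:01:20 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
192.0.2.10 - - [01/Jan/2024:18:01:31 +0000] "POST /wp-login.php HTTP/1.1" 302 0
"""

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def login_posts(log_text):
    """Yield (minute, ip, status) for every POST to wp-login.php."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path, status = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield when.replace(second=0), ip, int(status)

def flag_windows(log_text, min_failures=5, min_sources=3):
    """Return {minute: (failures, distinct IPs)} for minutes that look distributed."""
    fails = defaultdict(list)
    for minute, ip, status in login_posts(log_text):
        if status == 200:  # assumed default: form re-served on a failed login
            fails[minute].append(ip)
    return {
        minute.isoformat(): (len(ips), len(set(ips)))
        for minute, ips in sorted(fails.items())
        if len(ips) >= min_failures and len(set(ips)) >= min_sources
    }

if __name__ == "__main__":
    for minute, (count, sources) in flag_windows(SAMPLE_LOG).items():
        print(f"{minute}: {count} failed logins from {sources} addresses")
```

The single mistyped password followed by a successful login from 192.0.2.10 is not flagged; only the burst spread over four addresses is. Security plugins that change the login response codes would require adjusting the status check.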
Some, like Web security services company CloudFlare, are ringing the alarm bells (while simultaneously pimping the company’s own security services). Which is fair, I guess. If you’re someone potentially at risk and unaware, CloudFlare could be helping you out by sounding the alert.
But I’d say it’s simpler than downloading extra protections or signing up for CloudFlare’s security plan: Just don’t use absurdly stupid usernames and passwords. Hackers go after the low-hanging fruit, which is most often found in the novice Web users who don’t take the time to switch from their default login information.
“Here’s what I would recommend: If you still use ‘admin’ as a username on your blog, change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress,” Matt Mullenweg, founding developer of WordPress and Automattic, wrote on his blog. “Do this and you’ll be ahead of 99% of sites out there and probably never have a problem.”
Completely basic password security is as simple as that. If remembering passwords is a challenge in your business, why not outsource your IT Management to Outhouse IT? We’ll secure your site, monitor it 24/7 for security and uptime, and address issues like this proactively on your behalf!