‘admin’ username wordpress threat

A huge attack is going on this weekend on the internet. Over 90,000 remote controlled computers are trying to hack into wordpress sites. The weakspot exists because the default login page for any wordpress site is www.yourwebsite.com/wp-admin and the default username is admin.

With that knowledge all they need is the password. And with 90,000 computers all coordinating attacks simultaneously it won’t be long before tens of thousands or even hundred of thousands of wordpress sites are hacked into and infected with malicious software likely designed to further the effort to hack even more sites. It’s a problem that could get much worse very quickly. And it looks like it all started on a Friday, leaving a few days over the weekend before anyone “really noticed”.

So if you own or administer your own wordpress website, you’ll find some instructions below to remove your default admin account and replace it with something a little more clever (your name, company name or even just administrator instead of admin) would work.

If you already have WordPress installed, the fix is quite simple. Just create a new user and set it as administrator. Then log in with that new user and delete the “admin” user. Don’t worry if you have many posts written by that user, WordPress will ask whether you want to delete them or re-assign them to a new user (choose the latter obviously).

For more information about the attack follow this link: http://www.forbes.com/sites/anthonykosner/2013/04/13/wordpress-under-attack-how-to-avoid-the-coming-botnet/