Many websites built on the blogging and content management system WordPress are currently under attack by a group of hackers who are attempting to gain access to the sites in order to use them in distributed denial-of-service (DDoS) attacks.
Compromised sites are then used, in turn, to attack other WordPress installations, so the botnet grows quickly. Security experts say this is one of the largest WordPress attacks to date, and the attackers have succeeded in building a very large botnet of compromised servers.
Nearly 100,000 IP addresses are currently participating in the attack, and that number could grow as the attackers compromise more WordPress installations and add them to the botnet. Two popular managed hosting services, HostGator and Resellers Panel, are under heavy attack from the botnet right now; both specialize in WordPress hosting packages.
The attackers are brute-forcing their way into the WordPress backend by trying 1,000 to 2,000 passwords against the default "admin" username on each target site. Sites whose administrator account is still named "admin" and protected by an easy-to-guess password are at the greatest risk of compromise.
To avoid having your WordPress instances compromised, John Dolan, a freelance security expert, suggests that users go into their WordPress settings “right now, as soon as possible, and update their passwords.” “It should be changed to a complex password, not a dictionary word, and it should use a mixture of capital and lowercase letters, as well as numbers and another character, like a question mark, for example.”
In addition to making sure your password is secure, Dolan also recommends that WordPress users look into a service like CloudFlare, an online security vendor that monitors your website’s incoming traffic and deflects attacks from known bots and spammers.
What to do if your WordPress instance has been hijacked? “Talk to your hosting provider,” says Dolan. “They most likely have experience with this, and can help you wipe your WordPress install and restore your latest backup.”