Hackers Attack At WordPress

Hackers pose troubles everywhere and their recent victim was one of the largest blogging platforms all over the world which is undoubtedly WordPress. Hackers have made smart use of botnet virus and with this technology; it aims at capturing and retrieving the login credentials for accounts that work at administrator levels.

The owners who are most susceptible to the attack include all those who have kept their username as admin. The main strategy used by hackers is to enter ?admin? as username. They then make smart use of a tool that works on brute force algorithm to cleverly guess the password which will help them in hacking the account and gaining unauthorized access.

Matt Mullenweg, who is the founder of WordPress, has commented that all those who use ?admin? as their username should try to change it. Further, he requested users to pick up strong password that cannot be easily guessed. At the same time, the two factor authentication feature that is provided at WordPress should be turned on too for the sake of larger security.

CloudFare which is the company that works to check that the sites are loaded speedily has commented that the attack was made with the prime motive of using the servers. The hackers did not want to make use of the site or mess with it as their main aim was to extract undue advantage of the servers.

The bot nets are not as strong as the servers because they were made of home PCs, however, once this attack gained speed and momentum, its efficiency could increase manifold. It could even force attacks as strong as denial of service attack for some major websites as well.

The attack looks to be massive as a lot of different IPs has already been targeted. WordPress authorities are working hard to protect its users.


Sorry if i have put it in the wrong section i though everyone with wordpress on this forum should read it.

lol, this is why you use plugins like login lockdown and bullet proof security. It still amazes me that wordpress does not come stock with these plugins.

And move your admin folder as well as re-checking permissions.
And turn off anonymous ftp.
And always remove passwords from plain text(who thought plain text passwords would ever be a good idea, especially to keep for this long in computing? so much about how the internet and wireless devices work is ridiculous, stupid, and dangerous. It doesn't matter if you secure your own stuff if somewhere downstream, some piece of shit device with a log-in(that no one might even be aware exists) is set at u:admin p:admin/password(how did laziness become standardized?), then from there they get root and...it's just so stupid. sorry).

And, there's just too much to do. Just setting up, maintaining, and updating secure servers can be exhausting.

the_demon said:

lol, this is why you use plugins like login lockdown and bullet proof security. It still amazes me that wordpress does not come stock with these plugins.

Click to expand...

Agreed, still there are enough plugins out there to protect end users. I guess hackers are finding Windows a little tougher to crack nowadays so they go after the next little old lady on the block.

I've always whitelisted my own IP only for the wp-admin directory.

They have a job doing anything then.

Hmm.. I wonder if they were trying to use the servers for mining bitcoins?

anyway, we have our very own hacker who happens to be quite legendary. You can check out his thread [HERE]

Nothing new there? Brute forcing using has been around for years? People have been trying to brute force my wordpress blog for years too, I use reCaptcha and a limit login attempts plugin on my login area, 3 failed attempts = Ban!

sn0rt said:

Hmm.. I wonder if they were trying to use the servers for mining bitcoins?

Click to expand...

What better than making a Russian blog network bigger?

Having too many unnecessary plugins from unknown authors can also play a risk, and i also get my wp blogs blocked after 2 attempts anyways