Being one of the most popular CMSs has its benefits … and disadvantages. In this case you become a big target. In this particular attack the bad guys are attempting brute-force logins on the default admin account using 1,000 common passwords. After successfully gaining access to the WordPress backend, they appear to install a backdoor that incorporates the site into a botnet that continues to self-propagate using the same password guessing attack.
As usual, always change the admin username and use strong passwords for your logins (such as those generated by LastPass). Brian Krebs and many of the commenters on his Friday article discuss additional precautions such as implementing some type of two-factor authentication (e.g., from Google Authenticator and Duo Security) and adding plugins that prevent brute-force attacks by automatically locking out attacking IPs (e.g., Better WP Security and Wordfence). And if you are already infected, Brian touches on some steps to help clean up.
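The lockout plugins mentioned above work by watching login attempts per client IP and blocking sources that fail too often in a short span. The script below is an added example of that detection logic, not code from this post or from Better WP Security or Wordfence: it reads combined-format web-server access log lines (the sample lines are constructed, with documentation-range IPs), treats a `POST /wp-login.php` that comes back `200` as a failed login (WordPress re-renders the form on failure and redirects with `302` on success; that status heuristic is an assumption for the example), and flags any IP that reaches a threshold of failures inside a sliding window. The threshold, window length and the `.htaccess` rendering are choices made for this example.

```python
"""Flag source IPs hammering /wp-login.php, the pattern behind the WordPress brute-force wave.
Added example (not a plugin's code): parses combined-format access-log lines and applies a
sliding-window failed-login threshold per client IP, the same idea lockout plugins implement."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: ip ident user [time] "method path proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (not from the page). 203.0.113.7 fires six failed logins in
# under a minute; 198.51.100.9 fails twice and then logs in; 192.0.2.44 only reads the blog.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Apr/2013:10:15:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3645 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2013:10:15:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3645 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Apr/2013:10:15:04 +0000] "GET /2013/04/post/ HTTP/1.1" 200 21873 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2013:10:15:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3645 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Apr/2013:10:15:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3645 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2013:10:15:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3645 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Apr/2013:10:15:20 +0000] "POST /wp-login.php HTTP/1.1" 200 3645 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2013:10:15:22 +0000] "POST /wp-login.php HTTP/1.1" 200 3645 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Apr/2013:10:15:41 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2013:10:15:44 +0000] "POST /wp-login.php HTTP/1.1" 200 3645 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return (ip, timestamp, method, path, status) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("time"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))


def is_failed_login(method, path, status):
    """Heuristic (assumption for this example): a failed WordPress login is a POST to
    wp-login.php answered with 200 (form re-rendered); a success redirects with 302."""
    return method == "POST" and path.split("?")[0].endswith("/wp-login.php") and status == 200


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: lockout_time} for every IP with `threshold` or more failed logins inside
    any `window`-long span. The lockout time is the timestamp of the attempt that tipped it."""
    recent = defaultdict(deque)  # ip -> failed-login timestamps still inside the window
    lockouts = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path, status = parsed
        if not is_failed_login(method, path, status):
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # evict attempts that fell out of the window
            q.popleft()
        if len(q) >= threshold and ip not in lockouts:
            lockouts[ip] = ts
    return lockouts


def htaccess_deny_block(lockouts):
    """Render the lockouts as Apache 2.2-style 'Deny from' lines, one common lockout mechanism."""
    return "\n".join(f"Deny from {ip}" for ip in sorted(lockouts))


if __name__ == "__main__":
    found = detect_bruteforce(SAMPLE_LOG.splitlines())
    for ip, when in found.items():
        print(f"{ip} locked out at {when.isoformat()}")
    print(htaccess_deny_block(found))
```

With the defaults (five failures within five minutes) only 203.0.113.7 is locked out, at the fifth failed attempt; the legitimate user who mistyped twice and then logged in is left alone. Lowering the threshold or shrinking the window trades false positives for faster blocking, which is the same tuning decision the plugins expose in their settings.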
Security experts are warning that an escalating series of online attacks designed to break into poorly-secured WordPress blogs is fueling the growth of an unusually powerful botnet currently made up of more than 90,000 Web servers.
Over the past week, analysts from a variety of security and networking firms have tracked an alarming uptick in so-called “brute force” password-guessing attacks against Web sites powered by WordPress, perhaps the most popular content management system in use today (this blog also runs WordPress).
According to Web site security firm Incapsula, those responsible for this crime campaign are scanning the Internet for WordPress installations, and then attempting to log in to the administrative console at these sites using a custom list of approximately 1,000 of the most commonly-used username and password combinations.
Have any other advice for protecting those WordPress installs? Let us know in the comments below. Today’s post pic is from KrebsOnSecurity.com.