Arts Assistance


Botnet Brute-Force Attacks WordPress Sites – Update Your Logins

April 23, 2013 by Nancy Seeger

Over the past two weeks, webhost companies and security monitoring services for websites have warned of large-scale Botnet Brute-Force attacks underway to compromise WordPress sites.

Botnets Using Brute-Force Programs

What are these Brute-Force login attacks? Botnets are networks of virus-infected PCs running automated programs, and here they are used to target your WordPress login page. They use Brute-Force methods, working through dictionary and popular-password lists, to figure out the password to your website. Specifically, if you are using "Admin" as your user login, you are at risk; weak passwords leave you vulnerable as well.

What Does it Mean for You and Your WordPress Site?

If your site has been breached, a backdoor is installed so that your site becomes part of this botnet and is used to compromise other websites and networks. Should this happen, you risk losing your site, an investment of significant time and money. Unless you backed up your site prior to being compromised, you may have to pay for a malware cleanup or, worse, scrap the site and start from scratch. Ouch!

Easy Fix – Change Your WordPress Logins

Step 1: Is your username "Admin"? If not, you are probably okay to skip to the next step. The easiest way to change your username is to do the following:

  1. Login to your WordPress dashboard – http://www.yourdomain.com/wp-admin.php,
  2. Go to the "Users" tab and click on "Add New,"
  3. Create a new username (something unusual would be best),
  4. Fill in the email field (you need an address that isn’t being used by your current admin user account),
  5. Create a random 12-character password (password generator),
  6. Select "Administrator" for the Role,
  7. Click on "Add New User" and log out,
  8. With your new user account, login to the WordPress dashboard,
  9. Click on the "Users" tab and click on "All Users" below the "Users" tab,
  10. Click the check box next to the "Admin" username,
  11. In the dropdown bar, select "Delete" and click the "Apply" button,
  12. If you have existing blog posts, it will ask you "attribute all posts and links to:" – be sure to pick your new user login. Confirm the deletion,
  13. Go back to your new username under "All Users" under the "Users" tab in the dashboard and click "Edit", and
  14. Change the display name field to something other than your username login (this is mainly for authors of blog posts.) Click "Update Profile." This step will make it harder for hackers to identify your username.

You now have a new admin user login without the exploitable "admin" username.

Step 2: You have an unusual username but need a stronger password:

  1. Login to your WordPress dashboard – http://www.yourdomain.com/wp-admin.php,
  2. Go to the "Users" tab, then click on "All Users,"
  3. Hover your mouse under the username and click on "Edit,"
  4. Scroll to the bottom and enter a random 12-to-20-character password in the "New Password" fields (click here for a password generator),
  5. Click on "Update Profile" at the bottom of the page to confirm your updated password,
  6. Go back to your username under "All Users" under the "Users" tab in the dashboard and click "Edit", and
  7. Change the display name field to something other than your username login (this is mainly for authors of blog posts). Click "Update Profile." This step will make it harder for hackers to identify your username.

Voila – all set! This will help protect you from the Botnet Brute-Force attacks.
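
On hosts with shell access, Steps 1 and 2 can also be carried out with WP-CLI. The script below is an added example, not part of the original post; it assumes the `wp` command is installed and run from the WordPress directory, and the function names and the 20-character password length are choices made for this example.

```sh
#!/bin/sh
# Added example (not from the original post). Assumes WP-CLI (`wp`) is
# installed and these functions run from the WordPress install directory.

# Print a random password of $1 characters (default 20), letters and digits.
gen_password() {
    head -c 96 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | head -c "${1:-20}"
}

# Step 1: create a replacement administrator, delete "admin", and attribute
# its posts to the new account. Args: new login, new email, display name.
replace_admin_user() {
    new_login="$1"; new_email="$2"; display_name="$3"
    if [ "$new_login" = "$display_name" ]; then
        echo "display name must differ from the login" >&2
        return 1
    fi
    # No "admin" account: nothing to replace, go on to Step 2.
    if ! wp user get admin --field=ID >/dev/null 2>&1; then
        echo "no admin user found"
        return 0
    fi
    pw="$(gen_password 20)"
    # --porcelain prints only the new user's ID, which --reassign needs.
    # Note: --user_pass is briefly visible in the process list on shared hosts.
    new_id="$(wp user create "$new_login" "$new_email" --role=administrator \
        --user_pass="$pw" --display_name="$display_name" --porcelain)" || return 1
    wp user delete admin --reassign="$new_id" --yes >/dev/null || return 1
    echo "login=$new_login password=$pw"
}

# Step 2: keep an existing login, set a new random password and a display
# name that does not reveal the login. Args: login, display name.
harden_user() {
    login="$1"; display_name="$2"
    if [ "$login" = "$display_name" ]; then
        echo "display name must differ from the login" >&2
        return 1
    fi
    pw="$(gen_password 20)"
    wp user update "$login" --user_pass="$pw" \
        --display_name="$display_name" >/dev/null || return 1
    echo "login=$login password=$pw"
}
```

Each function prints the login and the generated password once, so the output should go straight into a password manager rather than a log file.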

Although nothing is 100%, there are more steps you can take to protect your WordPress site.

Check out our maintenance package; we help your site stay safe!

More about the mass scale Botnet Brute-Force attacks on WordPress:

  • Homeland Security notice about WordPress sites being targeted
  • KrebsonSecurity detailed post
Nancy Seeger

Nancy Seeger, the owner of Arts Assistance, believes website design is part of the marketing toolkit that attracts your audience. Their roster of clients includes a Grammy artist, coaches, small businesses and non-profits. Get web design insider tips to more easily manage your website and attract your audience.

Filed Under: password, WordPress Maintenance, WordPress security

Comments

  1. Tina says

    April 24, 2013 at 12:00 pm

    Thanks Nancy! Good tips to avoid security breaches with WordPress sites!

    • Nancy Seeger says

      April 28, 2013 at 4:57 pm

      Thank you Tina

      You might want to check out Protecting Your WordPress Site with These Easy Steps:

      https://artsassistance.com/protect-your-wordpress-site-with-these-easy-steps/

  2. Diana Ennen says

    April 28, 2013 at 3:21 pm

    Thanks Nancy! These were such easy-to-follow directions. I have several blogs and just realized one did have the dreaded “admin.” (The one I forgot to check when I first saw this.) I’m so grateful your Facebook posting kept pointing to this because it was a great reminder. Only took like 5 minutes to do. You rock! Diana

    • Nancy Seeger says

      April 28, 2013 at 4:59 pm

      Hi Diana,

      I’m so glad that helped. Thanks for posting!

      Kind regards,
      Nancy
