Arts Assistance

Botnet Brute-Force Attacks WordPress Sites – Update Your Logins

April 23, 2013 by Nancy Seeger

Over the past two weeks, webhost companies and website security monitoring services have warned of large-scale Botnet Brute-Force attacks underway to compromise WordPress sites.

Botnets Using Brute-Force Programs

What are these Brute-Force login attacks? A botnet is a group of virus-infected PCs running automated programs, used here to target your WordPress login page. The botnets use Brute-Force methods, working through dictionaries and lists of popular passwords to guess the password to your website. Specifically, if you are using "Admin" as your user login, you are at risk (weak passwords leave you vulnerable as well).
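
To see what such an attack looks like from the site owner's side, here is an added example (not part of the original post) that scans web server access-log lines for bursts of failed WordPress logins. The log lines are constructed samples, and the function names and the five-per-minute threshold are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common/combined access-log format, as written by Apache and nginx.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample: eight infected PCs each try one password in the same
# minute, then the site owner logs in normally at 10:40.
SAMPLE_LOG = [
    f'203.0.113.{i} - - [23/Apr/2013:10:15:{i:02d} +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 3120'
    for i in range(1, 9)
] + [
    '198.51.100.7 - - [23/Apr/2013:10:15:30 +0000] "GET /blog/ HTTP/1.1" 200 8120',
    '198.51.100.7 - - [23/Apr/2013:10:40:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
]

def failed_logins(lines):
    """Yield (minute, ip) for each failed POST to the WordPress login page."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        # Assumption: stock WordPress returns 200 on failure, 302 on success.
        if m["status"] != "200":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield ts.replace(second=0), m["ip"]

def find_bursts(lines, per_minute=5):
    """Minutes with more failures than per_minute: (HH:MM, failures, distinct IPs)."""
    windows = defaultdict(list)
    for minute, ip in failed_logins(lines):
        windows[minute].append(ip)
    return [(minute.strftime("%H:%M"), len(ips), len(set(ips)))
            for minute, ips in sorted(windows.items()) if len(ips) > per_minute]

def max_failures_per_ip(lines):
    """Highest failure count from any single address (what a per-IP limit sees)."""
    counts = Counter(ip for _, ip in failed_logins(lines))
    return max(counts.values(), default=0)

if __name__ == "__main__":
    print(find_bursts(SAMPLE_LOG), max_failures_per_ip(SAMPLE_LOG))
```

Because a botnet spreads its guesses over many PCs, the sample shows eight failures in one minute while no single address fails more than once, so counting per address alone would miss it.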

What Does it Mean for You and Your WordPress Site?

If your site has been breached, a backdoor portal is installed so that your site becomes part of this botnet and is used to compromise other websites and networks. Should this happen, you risk losing your site, an investment of significant time and money. Unless you backed up your site prior to being compromised, you may have to pay for a malware clean-up or, worse, scrap the site and start from scratch. Ouch!

Easy Fix – Change Your WordPress Logins

Step 1: Is your username "Admin"? If not, you are probably okay to skip to the next step. The easiest way to change your username is to do the following:

  1. Login to your WordPress dashboard – http://www.yourdomain.com/wp-admin.php,
  2. Go to the "Users" tab and click on "Add New,"
  3. Create a new username (something unusual would be best),
  4. Fill in the email field (you need an address that isn’t being used by your current admin user account),
  5. Create a random 12-character password (password generator),
  6. Select "Administrator" for the Role,
  7. Click on "Add New User" and log out,
  8. With your new user account, login to the WordPress dashboard,
  9. Click on the "Users" tab and click on "All Users" below the "Users" tab,
  10. Click the check box next to the "Admin" username,
  11. With the dropdown bar select "Delete" and the button "Apply",
  12. If you have existing blog posts, it will ask you "attribute all posts and links to:" – be sure to pick your new user login. Confirm the deletion,
  13. Go back to your new username under "All Users" under the "Users" tab in the dashboard and click "Edit", and
  14. Change the display name field to something other than your username login (this is mainly for authors of blog posts.) Click "Update Profile." This step will make it harder for hackers to identify your username.

You now have a new admin user login without the exploitable "admin" username.

Step 2: You have an unusual username but need a stronger password:

  1. Login to your WordPress dashboard – http://www.yourdomain.com/wp-admin.php,
  2. Go to the "Users" tab, then click on "All Users,"
  3. Hover your mouse under the username and click on "Edit,"
  4. Scroll to the bottom and enter a random 12-to-20-character password in the "New Password" fields (use a password generator),
  5. Click on "Update Profile" at the bottom of the page to confirm your updated password,
  6. Go back to your username under "All Users" under the "Users" tab in the dashboard and click "Edit", and
  7. Change the display name field to something other than your username login (this is mainly for authors of blog posts). Click "Update Profile." This step will make it harder for hackers to identify your username.

Voila – all set! This will help protect you from the Botnet Brute-Force attacks.
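
As a check after completing both steps, here is an added example (not part of the original post) that flags any account still named "admin" or still showing its login as the display name, and generates a random password in the 12-to-20-character range recommended above. The user records are constructed samples, and the function names and the symbol set are assumptions.

```python
import secrets
import string

# Letters, digits and a few symbols; the symbol set is an assumption.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+"

# Constructed sample records using the WordPress user fields user_login
# and display_name.
SAMPLE_USERS = [
    {"user_login": "Admin", "display_name": "Admin"},
    {"user_login": "k7-studio-owner", "display_name": "Studio Team"},
    {"user_login": "guestwriter", "display_name": "guestwriter"},
]

def audit_users(users):
    """Return (login, problem) pairs for the two weaknesses the steps remove."""
    findings = []
    for user in users:
        login, shown = user["user_login"], user["display_name"]
        if login.lower() == "admin":
            findings.append((login, "default admin username"))
        if shown.strip().lower() == login.lower():
            findings.append((login, "display name reveals the login"))
    return findings

def random_password(length=16):
    """Random password of 12 to 20 characters from the OS secure generator."""
    if not 12 <= length <= 20:
        raise ValueError("length must be between 12 and 20")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

if __name__ == "__main__":
    for login, problem in audit_users(SAMPLE_USERS):
        print(f"{login}: {problem}")
    print("suggested password:", random_password())
```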

Although nothing is 100%, there are more steps you can take to protect your WordPress site.

Check out our maintenance package; we help your site stay safe!

More about the mass scale Botnet Brute-Force attacks on WordPress:

  • Homeland Security notice about WordPress sites being targeted
  • KrebsonSecurity detailed post

Filed Under: password, WordPress Maintenance, WordPress security

Comments

  1. Tina says

    April 24, 2013 at 12:00 pm

    Thanks Nancy! Good tips to avoid security breaches with WordPress sites!

    • Nancy Seeger says

      April 28, 2013 at 4:57 pm

      Thank you Tina

      You might want to check out Protecting Your WordPress Site with These Easy Steps:

      https://artsassistance.com/protect-your-wordpress-site-with-these-easy-steps/

  2. Diana Ennen says

    April 28, 2013 at 3:21 pm

    Thanks Nancy! These were such easy-to-follow directions. I have several blogs and just realized one did have the dreaded “admin.” (The one I forgot to check when I first saw this.) I’m so grateful your Facebook posting kept pointing to this because it was a great reminder. Only took like 5 minutes to do. You rock! Diana

    • Nancy Seeger says

      April 28, 2013 at 4:59 pm

      Hi Diana,

      I’m so glad that helped. Thanks for posting!

      Kind regards,
      Nancy
