WordPress targeted by hackers

WordPress, the web platform which powers around 17% of the world's websites and blogs*, has been attacked by a botnet of tens of thousands of individual computers. The attack comes just after WordPress increased security with optional two-step authentication login.

For information and advice on keeping your website safe, click here

The botnet –  a network of hijacked home computers typically controlled by a criminal gang – targets users with the username "admin", then attempts to gain entry using thousands of possible passwords. 

WordPress founder Matt Mullengweg blogged: "Here's what I would recommend: If you still use 'admin' as a username on your blog, change it, use a strong password."

Advice for WordPress site administrators:

– Keep your WordPress site regularly updated (remember to always take a backup of your database before doing so)

– Keep regular backups

– Install an encrypted login plugin

– Do not advertise that your website is a WordPress site: hide "Powered by WordPress"

– Change admin username

– Move the wp-config file


*Source: W3Techs

Written by

In partnership with