Skip to main content

Wordpress hit by massive botnet attack

Wordpress hit by massive botnet attack
And like that, your blog security floated away

Wordpress and its 64 million blogs are currently under attack by a botnet 'tens of thousands' of computers strong.

Your many and varied musings on the world around you are most at risk if you've kept your Wordpress blog username as 'admin', as the botnet is tirelessly trying thousands of possible passwords to get in and mess things up.

Wordpress founder Matt Mullenweg has some revolutionary advice, "Here's what I would recommend: If you still use admin as a username on your blog, change it, use a strong password."


He also recommends using two-factor authentication if you're using, as well as making sure you're on the latest version of WordPress.

"Do this and you'll be ahead of 99% of sites out there and probably never have a problem."

He also reports that the bonnet has "supposedly" over 90,000 IP addresses so IP limiting and login throttling won't help much.

Basically, if your Wordpress username is 'admin', now would probably be a good time to change it.