Users are advised to change their usernames from the default and have strong passwords.
WordPress founder Matt Mullenweg issued a warning Friday about hackers infiltrating accounts with the username set to the default “admin.” Several large-scale, well organized brute force attacks successfully hacked into an unknown number of WordPress sites with administrator usernames of “admin” or “Admin.” Once hacked, a backdoor is installed, allowing the attackers to access the site even after the password has been changed. They have seen the number of brute-force attacks nearly triple in the last few days, reaching upwards of 100,000 attempts per day.
The best solution is to change the targeted username. Not only “admin,” but also “administrator,” “test,” and “root” are susceptible to being targeted by the attackers. In addition to these changes, Mullenweb advises users to maintain strong passwords, implement two-factor authorization, and make sure WordPress is up to date.
Original article by Mathew J. Schwartz.
Read the full story here.