Username “Admin” WordPress Sites Targeted By Brute-Force Hackers
Users are advised to change their usernames from the default and have strong passwords.
WordPress founder Matt Mullenweg issued a warning Friday about hackers infiltrating accounts with the username set to the default “admin.” Several large-scale, well-organized brute-force attacks successfully hacked into an unknown number of WordPress sites with administrator usernames of “admin” or “Admin.” Once a site is hacked, a backdoor is installed, allowing the attackers to access the site even after the password has been changed. They have seen the number of brute-force attacks nearly triple in the last few days, reaching upwards of 100,000 attempts per day.
The best solution is to change the targeted username. Not only “admin” but also “administrator,” “test,” and “root” are susceptible to being targeted by the attackers. In addition to these changes, Mullenweg advises users to maintain strong passwords, implement two-factor authentication, and make sure WordPress is up to date.
Original article by Mathew J. Schwartz.