Username “Admin” WordPress Sites Targeted By Brute-Force Hackers
Users are advised to change their usernames from the default and have strong passwords.
WordPress founder Matt Mullenweg issued a warning Friday about hackers infiltrating accounts with the username set to the default “admin.” Several large-scale, well organized brute force attacks successfully hacked into an unknown number of WordPress sites with administrator usernames of “admin” or “Admin.” Once hacked, a backdoor is installed, allowing the attackers to access the site even after the password has been changed. They have seen the number of brute-force attacks nearly triple in the last few days, reaching upwards of 100,000 attempts per day.
The best solution is to change the targeted username. Not only “admin,” but also “administrator,” “test,” and “root” are susceptible to being targeted by the attackers. In addition to these changes, Mullenweb advises users to maintain strong passwords, implement two-factor authorization, and make sure WordPress is up to date.
Original article by Mathew J. Schwartz.
Read the full story here.
Leave a comment
K-12 teachers offered training to help give every student an education in cybersecuri Read more
Battling Procedure Fatigue in Cybersecurity . . . Or . . . making sure we don’t just Read more
Weekly themes for the annual event have been announced… An article review. October is Read more
Another awareness poster for YOUR customers (and users). Now that we have our own em Read more