April 16, 2013, 3:15 PM — More than 90,000 WordPress blogs have been affected by botnet attacks since last week. A few simple steps can protect your blog from hackers.
The botnet in question tries to guess WordPress accounts through brute force, cycling through 1,000 common passwords, along with the "admin" username. Once an account is compromised, the system gets dragged into the botnet so it can attack more machines.
WordPress founding developer Matt Mullenweg recommends on his blog: changing the "admin" username, using a strong password, turning on two-factor authentication (here are instructions if you're using WordPress.com and if you have a self-hosted WordPress blog), and making sure you've got the latest WordPress version. He says this should put you ahead of 99% of other sites out there.
I would add making sure all your WordPress blog plugins are updated and using a security plugin such as Better WP Security. Also, other usernames being attempted include: administrator, manager, root, support, test, and user, so consider changing those common usernames as well.
The last thing you want is for some stupid computer posting garbage on your blog, right?
[Hat tip, Shout Me Loud]
Read more of Melanie Pinola’s Tech IT Out blog and follow the latest IT news at ITworld. Follow Melanie on Twitter at @melaniepinola. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.