Might Be a Good Time to Change Your WordPress Password

We’re fine since we don’t have an admin who uses the name “admin”,  but in any case, it’s good to occasionally have a reminder of why simple, short passwords (and handles) are a very bad idea:

Apr 12 2013, 9:10pm: 

Security analysts have detected an ongoing attack that uses a huge number of computers from across the Internet to commandeer servers that run the WordPress blogging application.

According to CloudFlare’s Prince, the distributed attacks are attempting to brute force the administrative portals of WordPress servers, employing the username “admin” and 1,000 or so common passwords.

April 11, 2013:

There is currently a significant attack being launched at a large number of WordPress blogs across the Internet. The attacker is brute force attacking the WordPress administrative portals, using the username “admin” and trying thousands of passwords. It appears a botnet is being used to launch the attack and more than tens of thousands of unique IP addresses have been recorded attempting to hack WordPress installs.

 

Other articles on this Here and Here.

4 thoughts on “Might Be a Good Time to Change Your WordPress Password

  1. No, since Ars Technica is a pretty big site with a pretty hefty reputation for posting actual news. (I wouldn’t have posted this if it had been just from a flimsy news source I didn’t know.)

    And today, I see that Forbes, PC World, Lifehacker, and Slashdot all have stories on it. That seems like sufficient evidence to me that it is a real report, or at least as real as I am capable of detecting.

Comments are closed.