WordPress Security Attacks & Vulnerabilities for Admins

Many users by now have already heard about the ongoing security attacks against WordPress CMS websites. To simplify the issue, a large number of IP addresses have been recorded with multiple login attempts for wp-login.php. This is usually the work of brute force bots attempting to crack into WordPress sites using weak passwords and common usernames.

It is advised that all new installs should be straying from the typical username/password combos. Admin and Administrator are typical usernames, and this is exactly how such advanced scripts gain access to the dashboard panel. Many people have been reporting a downturn in the attacks but it’s still making a lot of new headlines.

How you can ensure your safety? Well the best way is to be using a high-priority password with a great combination of letters, numbers, and symbols. Additionally the “admin” username is a fairly common disadvantage and should be avoided. Here is an excellent quote from the article on Tech News Daily:

Brute-force attacks, as their name would suggest, are some of the least sophisticated hacks out there, rapidly cycling through common directory names, passwords and IP addresses in order to access private files through sheer dumb luck.

You can find a number of open source WordPress security plugins geared towards fighting brute force attacks. But when you are dealing with a botnet containing thousands of different IPs it will get a lot more challenging. Hopefully the attacks are not damaging enough to bring down web servers. But sometimes these programs will get through and now you’re dealing with a compromised system.

I am familiar with a service Hacked Recovery to help in just such an occasion. If you are missing your username or e-mail and the account logins are not working please visit the site and see if you can find a solution. Corporate sites with smaller databases will be easier to handle than a full-scale blog. And ideally you may be able to access cPanel to fix things remotely. But keep vigilant and dig through WordPress plugins for extra security measures – just to be on the safer side in case of accidents which snowball out of control.

The WordPress system has grown in popularity to span a majority of countries all over the world. It is not a surprise to witness these kinds of attacks in a full-scale routine. I do hope that the perpetrators may be brought to justice so we can manage security in the future. But it’s not a safe world and people can always setup new botnets for brute attacks. If you have any similar suggestions or ideas on WordPress security feel free to share with us in the discussion area below.