Posted by John Hultar on Apr 16, 2013

Hackers Targeting WordPress 3.5.1 with alarming success!


This is not a drill.

In the last week, 7 of the most popular web hosts have discovered a major increase in the number of successful attacks aimed at WordPress websites.

Based on information gathered about the attacks, it’s projected that over 93,000 servers are being utilized across the globe to log into WordPress sites by going through common username and password combinations.

How Can You Protect Your Site from Attacks?

Be sure that your password is unique, and update it semi-monthly.  Make sure your password includes both uppercase and lowercase letters, along with special symbols.  While the suggested password length is 8 characters, most hacking software can easily crack an 8-character password, so it will behoove you to make your password longer than the typical 8 characters.

Activate the “Limit Login Attempts” plugin in order to lock out people (or, in some cases, bots).  This plugin will lock the “login” feature after a certain number of failed login attempts.  Although a few people are still reporting that this attack was successful on their sites even after installing this plugin, it is one more line of security against attackers.
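The kind of counting such a lockout performs, written here as an added example (it is not the plugin's code, nor anything from the original post): failed logins are counted per source address, and a second counter per targeted username covers the case described above where the attempts are spread over many servers. The thresholds, the time window, the record format and the sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

MAX_FAILS_PER_IP = 4        # assumed threshold, not the plugin's default
MAX_FAILS_PER_USER = 10     # assumed threshold for the per-account counter
WINDOW_SECONDS = 20 * 60    # assumed sliding window

def analyse(failures):
    """failures: (unix_ts, source_ip, username) tuples for failed logins,
    sorted by time. Returns (locked_ips, targeted_users)."""
    by_ip, by_user = defaultdict(deque), defaultdict(deque)
    locked_ips, targeted_users = set(), set()
    for ts, ip, user in failures:
        for key, table, limit, hits in (
            (ip, by_ip, MAX_FAILS_PER_IP, locked_ips),
            (user, by_user, MAX_FAILS_PER_USER, targeted_users),
        ):
            q = table[key]
            q.append(ts)
            # Forget failures that have aged out of the window.
            while q and q[0] <= ts - WINDOW_SECONDS:
                q.popleft()
            if len(q) >= limit:
                hits.add(key)
    return locked_ips, targeted_users

def constructed_sample():
    """Constructed data: one noisy host, plus 30 hosts that each fail twice
    against 'admin'. Addresses come from documentation ranges."""
    events = [(1000 + i * 5, "192.0.2.10", "editor") for i in range(6)]
    for n in range(30):
        ip = f"198.51.100.{n + 1}"
        events.append((2000 + n * 10, ip, "admin"))
        events.append((2003 + n * 10, ip, "admin"))
    return sorted(events)

if __name__ == "__main__":
    ips, users = analyse(constructed_sample())
    print("locked out by the per-IP counter:", sorted(ips))
    print("accounts with failures spread over many hosts:", sorted(users))
```

On the constructed sample, only the single noisy host crosses the per-address threshold, while the per-username counter is what flags the "admin" account.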

Install the “WordPress Security Scan.”  This plugin’s features are simple.  It will scan your blog for vulnerabilities and let you know if it finds any malware.  If the text in the admin panel is green, you are all clear.

Be sure to update your WordPress themes, plugins, and features as regularly as possible.

Refrain from using the default username as your login name.  Be mindful of what is going on.  Someone who wants to hack your blog will need a username and a password to log in.  Leaving the default username gives an attacker a huge advantage.  Now all he or she will need to do is find your password and they are in.  By keeping the default username “admin,” you are willingly completing 50% of your attacker’s job!  Not smart.

Alter the default wp_ table prefix.  By default, the WordPress table prefix is wp_.  Anyone who has a basic skill level in WordPress will definitely be familiar with this.  Changing it lessens your chance of getting a SQL injection.  SQL injection attacks work by uncovering your website’s database table prefix.  From there, they seek out the number of rows and columns in the “user” table, ultimately getting access to your database, which could expose your login usernames and passwords to a hacker.

As long as you’re ready for an attack and anticipating what may come, you’ll be protected on many levels.  The first step in preventing an attack is to be aware of how common attacks have become.

Take the time now to run a backup of your WordPress site.  If you have already been attacked, you should contact your site’s developer and web host in an effort to win back your site.

Till next time… Stay guarded and keep smiling!