Beware the Botnet: Simple Steps Toward WordPress Security

If you’re one of those people who make your login/password easy to remember because you don’t want to be bothered with remembering something complicated, you might want to pay attention to this.

A massive botnet of tens of thousands of machines is attempting to hack into WordPress sites that have “admin” as the login and are protected by a weak password. Once the bots find one, they attempt to break in by pairing the login with commonly used passwords, trying one after another until they find the combination that gains access. This is called a “brute force” attack. Once the bot has gained access, it can command your computer to unleash viruses, spam, or denial of service attacks on other computers.

Protect yourself by following these steps:

Get rid of the “admin” login. I know that WordPress says that you can’t actually change a login, so what you’re going to do is set up a second one and delete the original one.

1. Go to your dashboard and click Users/Add New.

2. Fill out all of the information on the New User screen.

3. Change your password to something that’s not easy to guess, not “password”, your name, or 12345. Be original! Use a combination of numbers, letters and punctuation to create a strong password. The strength indicator will let you know how strong your password is.

3a. Be sure to click the drop-down arrow for “Role” and make yourself an administrator.

4. Click the blue “Add New User” button.

5. Log out of WordPress and log in with your new login and password. Once you know that your new admin login/password works, delete the old admin/password. The Delete Users screen will open.

6. Tell WordPress what you want to do with the posts that were created by the “admin” user. If you want to save them, click on the “Attribute all posts to” button and select the new admin name, or some other user identity that you may have for publishing posts, etc.

7. Click the “Confirm Deletion” button.

Update WordPress. Make sure you have the latest version.

Install the Limit Login Attempts plugin.
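
To check whether the brute-force attempts described above are reaching your own site, you can count login POSTs in your web server's access log. The Python script below is an added example, not part of the original article or of any plugin; the log lines are constructed, and it assumes the combined log format and WordPress's default behaviour of answering a failed login with 200 and a successful one with a 302 redirect.

```python
import re
from collections import Counter

# Constructed sample access log (combined format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.10 - - [01/Jan/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.10 - - [01/Jan/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
192.0.2.55 - - [01/Jan/2024:10:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 2840 "-" "Mozilla/5.0"
192.0.2.55 - - [01/Jan/2024:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:00:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.10 - - [01/Jan/2024:10:00:11 +0000] "POST /wp-login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
"""

# client IP, request method, request path and status of one combined-format line
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def login_posts(log_text):
    """Yield (ip, status) for every POST to wp-login.php; skip other lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            yield m["ip"], int(m["status"])

def summarize(log_text, threshold=3):
    """Count failed logins per source and flag a success that follows many failures."""
    failed, success_after_failures = Counter(), []
    for ip, status in login_posts(log_text):
        if status == 302:  # assumed: redirect means the login was accepted
            if failed[ip] >= threshold and ip not in success_after_failures:
                success_after_failures.append(ip)
        else:              # 200 (form shown again) or an error/blocked status
            failed[ip] += 1
    return {
        "failed_total": sum(failed.values()),  # a botnet spreads attempts over many IPs
        "sources": len(failed),
        "noisy": {ip: n for ip, n in failed.items() if n >= threshold},
        "success_after_failures": success_after_failures,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Because the attempts come from many machines, watch the total and the number of sources as well as the per-address counts. An address listed under success_after_failures logged in after repeated failures and deserves a closer look.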

We hope you find this short article helpful. Thanks for reading.