More than 90K WordPress Blogs have been hacked – [Security Tips]

Updated on September 2, 2017

Do you own a WordPress blog? Then it's time to reassess your blog settings to make sure it is secure. According to reports from trusted sources, more than 90 thousand WordPress blogs were attacked last week. The hackers used a brute-force method to gain access to weak WordPress accounts. Shockingly, most of the WordPress sites that fell victim had weak passwords such as “12345” and the default username ‘admin’. The hacking programs carry out the attack by guessing common passwords and usernames. Once the hacker gains access, the victim is drafted into a botnet, which is a collection of compromised systems that communicate with each other and are used for online attacks. Once the server is compromised and added to the botnet, it can be used to attack other machines on the internet, exponentially!


The report says a hacker would not benefit much from gaining access to a WordPress blog, but gaining access to more than 90,000 compromised machines can be a big security threat, especially in denial-of-service attacks.

How to secure your WordPress Blog?

* Never think of setting easy passwords. Most of the time users prefer to set easy passwords so that they can remember them easily. Remember, hackers have a huge collection of common passwords that are widely used by people for various accounts.

* You can enable multi-level authentication for the WordPress login. For instance, one has to pass through an .htaccess password prompt before landing on the WordPress login page.

* Don’t use the default username ‘admin’ created while installing the WordPress blog. If you still have the ‘admin’ username, change it to something else using our guide here.

* Don’t create too many WordPress user accounts unless you really need them.

* Delete unused WordPress accounts periodically.

* You might have strong passwords, but change them at least once in six months.

* Have too many bloggers writing for you? Advise them to set strong passwords for their accounts and educate them about WordPress security.

* Periodically audit all the WordPress accounts. During this process, make sure each account has the right access role.
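
The .htaccess password prompt mentioned in the tips above can be set up as follows. This is an added example, not configuration from the original post; it assumes Apache 2.4 with .htaccess overrides enabled, and the password file path, realm text and the user name "gatekeeper" are placeholders.

```apache
# .htaccess in the WordPress root directory (Apache 2.4 syntax).
# Added example: the AuthUserFile path and the realm text are assumptions.
#
# Create the password file outside the web root first, for example:
#   htpasswd -B -c /home/example/.htpasswd-wp gatekeeper
# "gatekeeper" is a placeholder. Pick a user name and password that differ
# from every WordPress account, so one guessed credential is not enough.

# Without this line, WordPress' rewrite rules can intercept the 401
# response and the browser never shows the password prompt.
ErrorDocument 401 default

# Ask for the extra password before the WordPress login page is served.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted login"
    AuthUserFile /home/example/.htpasswd-wp
    Require valid-user
</Files>

# Never serve .htaccess or .htpasswd files to visitors.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
```

Basic authentication sends the user name and password with every request in an easily decoded form, so use this prompt only on a site served over HTTPS.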

Be sure, and let's hope for the best!

