WordPress founder, Matt Mullenweg, has advised users to step up their security settings following a botnet attack involving ‘tens of thousands’ of computers.
What happened?
The attack targeted individual accounts where the username has left to its default ‘Admin’ and had been ongoing for a week. The botnets bombarded the accounts with thousands of popular passwords to gain access.
Who was affected?
It’s estimated that 17 percent of the world’s websites are currently built using WordPress, in numerical terms this is the equivalent of 64 million separate sites, giving an indication as to the scale of the problem.
Mullenweg speaks out
The WordPress founder referred to the attack in his blog:
“Almost 3 years ago we released a version of WordPress (3.0) that allowed you to pick a custom username on installation, which largely ended people using “admin” as their default username. Right now there’s a botnet going around all of the WordPresses it can find trying to login with the “admin” username and a bunch of common passwords, and it has turned into a news story (especially from companies that sell “solutions” to the problem)”.
Mullenweg strongly emphasised the importance of users creating their own username and changing their passwords urgently to avoid falling victim of a botnet attack.
Were you affected by the botnet attack? Was your blog or website hacked? Leave your comments in the comment box below.
