WordPress Blogs are Under Attack

If you have a WordPress blog then you might have noticed that, for the past couple of days, when you try to navigate to your admin login page you are confronted with an unexpected pop-up box asking you to enter login details. Many owners might fear that this is a sneaky trick by hackers to obtain your login details, but it isn’t.

There is currently a massive attack on WordPress blogs from an unknown person or persons. The attacks are widespread: the attackers are hoping to hijack any vulnerable blogs by using over 90,000 IP addresses to try to gain access to admin panels, using the admin username and trying out thousands of commonly-used passwords.
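Because the guesses are spread over so many addresses, each address may send only a handful, so a per-IP lockout on its own can stay silent. The following is an added example, not part of the original post, that counts failed wp-login.php POSTs per time window across all source IPs. The combined log format, the thresholds, the constructed sample lines and the reliance on WordPress answering a failed login with 200 and a successful one with a 302 redirect are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in "combined" access-log format (documentation IPs, not real traffic).
SAMPLE_LOG = "\n".join(
    [f'203.0.113.{i} - - [12/Apr/2013:10:0{i % 5}:1{i % 10} +0000] '
     '"POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"' for i in range(1, 41)]
    + ['198.51.100.9 - - [12/Apr/2013:10:03:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2900 "-" "Mozilla/5.0"',
       '203.0.113.7 - - [12/Apr/2013:10:04:59 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
       '192.0.2.10 - - [12/Apr/2013:14:20:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"'])

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def analyse(log_text, window_s=600, min_failures=30, min_ips=20, per_ip_limit=5):
    """Return one alert per time window that looks like a distributed login attack."""
    failures = defaultdict(lambda: defaultdict(int))  # window -> ip -> failed POSTs
    successes = defaultdict(set)                      # window -> ips that got a 302
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        if method != "POST" or not path.split("?")[0].endswith("/wp-login.php"):
            continue
        epoch = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        window = int(epoch // window_s) * window_s
        # Assumption: 302 means the login succeeded, anything else is a failed try.
        if status == "302":
            successes[window].add(ip)
        else:
            failures[window][ip] += 1
    alerts = []
    for window, per_ip in sorted(failures.items()):
        total = sum(per_ip.values())
        # Alert on the aggregate, even when no single address is noisy.
        if total >= min_failures and len(per_ip) >= min_ips:
            alerts.append({
                "window_start": datetime.fromtimestamp(window, timezone.utc).isoformat(),
                "failed_posts": total,
                "distinct_ips": len(per_ip),
                "ips_over_per_ip_limit": sum(1 for n in per_ip.values() if n > per_ip_limit),
                "success_after_failure": sorted(successes[window].intersection(per_ip)),
            })
    return alerts

if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert)
```

An address listed under success_after_failure logged in within the same window in which it had failed, which is the case to investigate first.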

Once they have control of your blog they will slip in a backdoor that gives the attacker(s) remote control over your blog without you even knowing about it (the same way they do it with computers) and you will then join their army as they attack more sites.

A lot of web hosts have been very quick to add an extra layer of security for your blog. It will mean having to enter a different username and password (the host will tell you) to gain access to your admin login page.

There are a couple of things you can do to keep yourself safe:

Update WordPress – Make sure you are using the latest version of WordPress (3.5.1 at the time of publishing this). Outdated versions have security flaws and make it incredibly easy for hackers to get in.

Strengthen Password – Don’t pick something like ‘password1’. Make your password as strong as you can to make it more difficult to crack; try a mixture of upper and lower case letters with a number or two thrown in.

Watch the Plugins – There are a lot of rogue plugins doing the rounds these days. I wonder how many people remember when Saurabh Nagar sent me a copy of his BlogPressSEO plugin which he was using to hijack blogs? A good rule of thumb is to only use plugins that are listed in WordPress’ official plugin directory as they are examined closely.

The message security analysts are putting out there is that, while this is something to take seriously, it is not something that you should be overly worried about as long as you defend yourself by taking some of the steps above.

About Dean Saliba

Dean Saliba is a freelance writer, professional blogger, media enthusiast, dirty football player and huge professional wrestling fan who covers a wide range of subjects and niches including making money online, traffic generating, pro wrestling, blog reviews, football, how-to guides, music, internet marketing and more.

22 thoughts on “WordPress Blogs are Under Attack”

  1. Management Consulting Services

    Fully agree with the above post. I opened a few blogs the day before yesterday and found a message with a red banner reading “Your blog Hijacked”. There are a few witty persons, I think, doing this. They should be imprisoned. A strong password should be picked.

    • Dean Saliba Post author

      What you are talking about is something completely different. You are talking about someone hacking your WordPress blog; I’m talking about someone taking over lots of blogs to form a zombie army of blogs to attack.

  2. Property Marbella

    The Swedish web host Hostgator also indicates that the attack began the week before last; it then lost power for a few days and then picked up again on Wednesday, so the attacks come in waves. Change your password often and make it different for different websites and blogs.

  3. Seo Blog

    I do agree, some important fact needs to be taken against these hackers. Strong passwords need to be created and they should be randomly changed regularly. Thanks for sharing it, Dean.

  4. Rio Vagas

    I have been having some of my WordPress blogs going into the admin login page lately. I always thought it was just a time log off thing. Is there any strange alert sign on the link the hackers use?

    • Dean Saliba Post author

      They are using infected blogs to try and access other blogs by trying the username “admin” and thousands of common passwords.

  5. Mohi @ gadget blog

    Make sure to update the blog with perfect plugins, as many spam plugins are getting listed. Try to update via the WordPress directory, and also keep changing the passwords at certain periods of time.

    • Dean Saliba Post author

      I don’t know if the problem has been solved as there have been a few periods where it only died down a bit before flaring up again.

  6. Astrology

    We were actually hit by this hacker. Whilst going through the steps of kicking the hacker out, and cleaning up WordPress is a must, it is also important to think about your permalink structure settings.

  7. Auto Insurance

    What’s the problem…. any blog is acceptable to spam… any website is acceptable to hacking… as long as no sensitive data is stored then there is no problem.

    • Dean Saliba Post author

      The “problem” is the hackers are not always looking for sensitive data, a lot of them are just looking to be destructive and cause a nuisance.

  8. Celebrities Jewellery

    Can anyone clarify whether this only affects WordPress blogs hosted privately i.e. where someone is using downloaded software from wordpress.org? I have a blog hosted on wordpress.com, is that affected also?

    • Dean Saliba Post author

      I have not heard any news about wordpress.com users being affected but I’m assuming wordpress.com will put security measures in place just like web hosts are. 🙂

  9. Pitt Goumas

    What if I just choose to keep a strong password? Will it still be necessary to update WordPress to the latest version? I find it difficult to get used to the newer versions

  10. Dean Saliba Post author

    The older versions have security holes in them that let the hackers in; a strong password might reduce the risk but it would definitely not eliminate it completely.
