WP Sites Under Attack Across the Globe
Why is it necessary that I should be writing about this subject, “WP Sites Under Attack Across the Globe”? How many times are we told that it is a necessity to use a WP-Admin username that is difficult for a hacker to guess and a password that is hard to crack? Here are a few usernames that are obviously still being used extensively.
administrator
support
test
admin1
admin
user
How am I able to sit here and say that with certainty? I use a WordPress plugin, “Login Lockdown”. When an IP address makes a number of failed attempts to log in to my WP site, LL blocks that IP and sends me an email telling me the IP that has been blocked and the username that they were using to attempt to break into my admin. Now these people are attempting to gain access to websites on a very regular basis and are not going to continually attack those usernames unless they have some degree of success.
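The lockout behaviour described above can be replayed over a list of failed logins. This is an added sketch, not the plugin's own code: the thresholds, the function name apply_lockout and the sample records are assumptions made for illustration.

```python
from collections import Counter, defaultdict, deque

# Assumed thresholds for illustration; not taken from the plugin's settings.
MAX_RETRIES = 3          # failures inside the window that trigger a block
WINDOW_SECONDS = 300     # sliding window for counting failures
LOCKOUT_SECONDS = 3600   # how long a blocked IP stays blocked

# Constructed sample data: (unix_time, source_ip, username_tried).
SAMPLE_FAILURES = [
    (1000, "203.0.113.7", "admin"),
    (1010, "203.0.113.7", "administrator"),
    (1015, "198.51.100.4", "reg"),
    (1020, "203.0.113.7", "test"),       # 3rd failure in window -> block
    (1030, "203.0.113.7", "support"),    # arrives while blocked, dropped
    (1400, "198.51.100.4", "reg"),       # 2nd failure, but 385 s after 1st
    (5000, "203.0.113.7", "admin1"),     # lockout expired, counted again
]

def apply_lockout(failures, max_retries=MAX_RETRIES,
                  window=WINDOW_SECONDS, lockout=LOCKOUT_SECONDS):
    """Replay failures in time order; return (blocks, usernames).

    blocks: list of (time_blocked, ip, usernames_tried_in_window).
    usernames: Counter of usernames in failures that reached the login check.
    """
    recent = defaultdict(deque)   # ip -> (time, username) pairs in window
    blocked_until = {}            # ip -> time the lockout ends
    blocks, usernames = [], Counter()
    for ts, ip, user in sorted(failures):
        if blocked_until.get(ip, 0) > ts:
            continue              # rejected before any password check
        usernames[user] += 1
        attempts = recent[ip]
        attempts.append((ts, user))
        # Drop failures that have aged out of the sliding window.
        while attempts and attempts[0][0] <= ts - window:
            attempts.popleft()
        if len(attempts) >= max_retries:
            blocks.append((ts, ip, [u for _, u in attempts]))
            blocked_until[ip] = ts + lockout
            attempts.clear()
    return blocks, usernames

if __name__ == "__main__":
    for block in apply_lockout(SAMPLE_FAILURES)[0]:
        print("blocked:", block)
```

The usernames counter is the same evidence the lockout emails give: which account names the blocked addresses were guessing.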
I believe that somewhere there is a list of something like 50,000 usernames that are commonly used. WordPress by default allows unlimited attempts to log in to the admin area. This means that hackers can apply brute-force attacks to crack usernames and passwords. Currently hackers are using up to 90,000 hacked home computers to facilitate these brute-force attacks. This is possible because computer users are possibly ignorant of the risks involved in connecting to the Internet. Either these people are ignorant or they choose not to use security programs because of the cost or because they don’t take the time to learn about protecting themselves and others.
The worst part of the ignorance or penny-pinching of these people is that they are letting hackers attack their friends and other people who use the internet and do their best to secure their computers. This seems to me to be another area exposing the breakdown of social etiquette in today’s world.
A lot of WP sites are installed using the Fantastico installer. This installs WP using admin as the username. A better installer to use is Softaculous. It allows you to put in a different username and a computer-generated password that is difficult to crack, using upper- and lower-case letters and a selection of other keyboard characters. I use the password generator to create a password that I use for the admin user name. Then I use it again to create the password. When you use admin, the hackers are 50% of the way to cracking your WP installation.
Softaculous also allows you to change the prefix used in all WP database installations, thus improving the security of your WP installation. Have your install send the details to your email account. This includes all your install variables. You can save this information in a text file that you can refer to later. There are secure options out there for storing usernames and passwords. I did try one of those a few years ago and managed to lose the username and password for it. <(:-)=
Remember you can do your bit to help make the internet a safer place to be for yourself and the rest of society.
Again I think this is all a result of the breakdown of society.
best wishes,
Reg Whelan