WordPress is one of the easiest content management systems to set up and use. That’s why people like it. It’s easy to add functionality without having to know how to code php because there is such a large developer community that makes tons of free plugins. WordPress is the largest self-hosted blogging platform in the world, powering more than 60 million websites worldwide.
That fact may be a key reason why WordPress is in the news right now as the subject of a large-scale attack from a huge number of computers from across the internet – known as an automated botnet attack – attempting to take over servers that run WordPress.
WordPress’ popularity comes at a price in a situation like this, as a perceived vulnerability in the platform’s ease of use is weak security by users. If you or your company have sites that use WordPress, there are two things to consider. First is to avoid having your own site hijacked and second is to avoid becoming part of a larger problem. Think childhood immunizations.
So what can you do to make your site secure enough right now to deter such attacks in the future?
Avoid Obvious Passwords: Hackers mostly go after novice Web users who don’t take the time to switch from their default login information. A secure password is a mix of at least eight upper and lowercase letters, numbers and special characters (^%$#@*)!
Loose The Admin Username: The attackers are in possession of 90,000 IP addresses from which they are trying to crack the default “admin” accounts on WordPress installations. So if you are still using “admin,” create a new user with admin privileges (you will need to use a different email address than the one attached to the current admin) and give it a strong password as defined above. Then log back in as the new user and delete the old admin account and assign all of the posts in that account to the new user. Five minutes, tops.
Use Two Step Authentication: Take advantage of two-step authentication which assures that you are a human logging in, not a bot. To enable Two Step Authentication, head on over to the new Security tab in your WordPress.com account settings, and go through the setup wizard. The wizard will help you make sure that everything is configured correctly.
Update WordPress: Many hackers exploit holes that have been identified in older versions of WordPress, so keeping your install up to date is another easy way to avoid trouble.
Don’t let spammers, hackers or botnets mess up your presence on the web. You can be secure.
There’s a lot more you can do to protect your site. Figment Design has amazing security packages to protect your WordPress site from hacking attempts this includes reports on your website security.