WordPress Botnet Attack

wordpressThe BBC, ZDNet, WordPress and all of the IT Press have announced that a massive attack is in progress against every WordPress installation.

They are specifically targeting sites with the admin account still active and cross checking that with password lists.

Go Here to protect your site right now

There are a number of checks, fixes and guides you can use but the simplest is to install a solid security plugin.

Most of the free ones are poorly implemented and usually are not supported plus – they can get you locked out.

What Can You Do To Thwart WordPress Attacks?

The most efficient plugin that is easiest to use is SecureScanPRO. You don’t need to be a rocket scientist to set it up – and you can have a safe and secure website in minutes.

  • – It scans your sites for weaknesses.
  • – Provides instant 1 click fixes for 12 of the most serious issues.
  • – Automatically checks core wordpress files against wordpress.org for attacked files.
  • – Scans and Emails you if anything has changed.
  • – Emails you if anyone tries to hack your site.
  • – Automatically bans repeated logins.
  • – Presents a captcha to the login interface to stop bruteforce bots.

Grab it now and get get safe.

It takes 2 minutes for instant peace of mind and to secure your WordPress site.

WordPress Attack Hits The News!

BBC reports – “WordPress sites targeted by hackers…attacked by a botnet on tens of thousands of individual computers…targets users with the username ‘admin’ – trying thousands of possible passwords” (Apr. 16th, 2013)

TechNews Daily Reports – “Hackers attack 90,000 WordPress blogs…hackers behind the attacks have combed through WordPress accounts and attempted to guess passwords via brute force” (April 15th, 2013)

Information Weekly Security reports – “WordPress hackers exploit username ‘admin’….Attention WordPress users: If you have a WordPress username set to ‘admin’, change it immediately” (April 15th, 2013)

ZDNet reports – “WordPress hit by massive botnet; Worse to come, experts warn….could be just the surface of a wider, larger attack.” (April 15th, 2013)

Don’t wait until it’s too late! There will always be hackers waiting to deface your prize site. How much are your sites worth? Not including the time and effort we put in to keep our sites updated and populate them with fresh new content, the cost could be devastating to pay someone to clean up the mess. The price is much less costly if we prevent it from happening to begin with. As Benjamin Franklin once said: “An ounce of prevention is worth a pound of cure”

Spend a little now or a lot later! Go get this plugin now & protect your WordPress site!

Update: I just read on sucuri.net – if you are using WP Super Cache or W3TC Total Cache you need to update them immediately due to a Remote Code Execution Vulnerability (a.k.a., arbitrary code execution)

…arbitrary code execution is used to describe an attacker’s ability to execute any commands of the attacker’s choice on a target machine or in a target process. – Wikipedia

As of a week ago both plugin creators have rolled out new versions of their plugins disabling the vulnerability by default. Be sure you update these plugins if you have them installed on WordPress!

separator