WordPress has been attacked by hackers who are targeting users of the popular website platform. Hosting services Hostgator and CloudFlare both report that a botnet attack using “tens of thousands” of computers is attempting to gain control of websites which have the username “admin.”
The computers reportedly attempt thousands of passwords to try to gain control, and they can try these passwords from thousands of different unique IP addresses, which makes it nearly impossible to predict where the attacks will come from next.
The BBC reports that the cyber-attack comes just a week after the site increased security by adding the option for a two-step authentication login process. Approximately 17 percent, or 64 million websites, are powered by WordPress, and almost 400 million people read WordPress websites every month.
WordPress founder Matt Mullenweg said on his blog that the best action WordPress webmasters can take is to change their “admin” login to something else and also use a very strong password. He also said users should enable the two-step authentication process added last week by WordPress, which includes a secret number plus the use of a username and password. He also said that having the most recent version of WordPress installed on users’ sites is important.
CloudFlare CEO and co-founder Matthew Prince said in his blog that the current attack on WordPress users may be aimed at securing larger and better servers so that the hackers can prepare for an even bigger attack. He said bigger machines do more damage in the types of denial of service attacks that have become common recently because they can generate much more traffic than smaller machines.