By Kris Price, Senior Account Manager at Backup-Technology
April 22, 2013

Backup-Technology Online Data Backup Expert Tips: WordPress Powered Websites Targeted in Major Attack

A highly distributed attack targeting websites running the WordPress application has been detected. The attack uses a method of password guessing known as Brute Force, a system that utilises a combination of 1,000 of the most common usernames and passwords to gain access through the WordPress administrative console.

WordPress is one of the largest blogging applications on the planet and is currently responsible for powering over 64 million blogs worldwide (according to WordPress on 15th April 2013). At the time of writing, the identity of those responsible is unknown; however, analysts are reporting that over 90,000 IP addresses are being used to bombard WordPress powered sites in what is being described as one of the most powerful and destructive botnets ever seen. The most common example of a botnet attack is the recent series of distributed denial of service (DDoS) attacks targeting some of the world’s largest banks.
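As an added illustration (not part of the original article), the Python sketch below shows why guessing spread across this many addresses is easier to spot per site than per IP: it counts failed logins from all sources in a time window instead of relying on a per-address lockout. It assumes Apache/nginx combined-format access logs, the standard `/wp-login.php` login path, and WordPress's default behaviour of answering a failed login with HTTP 200 and a successful one with a 302 redirect; the thresholds and log lines are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches a POST to wp-login.php in Apache/nginx "combined" log format.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"POST /wp-login\.php[^"]*" (?P<status>\d{3}) ')

def parse_login_posts(lines):
    """Yield (ip, epoch_seconds, status) for each login POST."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], int(ts.timestamp()), int(m["status"])

def detect_distributed_guessing(lines, window_s=300, min_ips=5, per_ip_limit=3):
    """Report windows where many distinct IPs fail logins (illustrative thresholds)."""
    windows = defaultdict(lambda: (defaultdict(int), set()))
    for ip, epoch, status in parse_login_posts(lines):
        fails, ok_ips = windows[epoch // window_s]
        if status == 200:      # assumption: failed login re-renders the form
            fails[ip] += 1
        elif status == 302:    # assumption: successful login redirects
            ok_ips.add(ip)
    alerts = []
    for key in sorted(windows):
        fails, ok_ips = windows[key]
        if len(fails) >= min_ips:
            alerts.append({
                "window_start": key * window_s,
                "distinct_ips": len(fails),
                "failed_posts": sum(fails.values()),
                "ips_over_per_ip_limit": sorted(i for i, n in fails.items() if n > per_ip_limit),
                "logins_during_burst": sorted(ok_ips),
            })
    return alerts

def _line(ip, hms, method, status):  # builds one constructed log line
    return (f'{ip} - - [15/Apr/2013:{hms} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 2048 "-" "-"')

# Constructed sample: 8 documentation-range IPs, 2 failed POSTs each, one success.
SAMPLE = [_line(f"203.0.113.{i}", f"10:0{i % 5}:1{n}", "POST", 200)
          for i in range(1, 9) for n in range(2)]
SAMPLE += [_line("203.0.113.8", "10:04:30", "POST", 302),
           _line("192.0.2.10", "09:00:01", "GET", 200),
           _line("192.0.2.10", "09:00:05", "POST", 302)]
```

On the constructed sample no single address exceeds the per-IP limit, yet the window is flagged with 8 addresses and 16 failed logins. A successful login inside such a window is a cue to reset the password and check the site for a backdoor.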

Speaking to KrebsOnSecurity, Marc Gaffan of hosting provider Incapsula says:

“It’s hurting the service providers the most, not just with incoming traffic, but as soon as those servers get hacked, they are now bombarding other servers with attack traffic. We’re talking about Web servers, not home PCs. PCs may be connected to the Internet with a 10 megabit or 20 megabit line, but the best hosting providers have essentially unlimited Internet bandwidth. We think they’re building an army of zombies, big servers to bombard other targets for a bigger cause down the road.”

Essentially, once the site has been hacked, the botnet creates a backdoor into the site, meaning that even if the blogger changes their password the attacker can still control the website. The infected blogs are then used to attack other sites.

Another hosting company, one of the largest based in the U.S., HostGator, posted a blog stating:

“As I type these words, there is an on-going and highly-distributed, global attack on WordPress installations across virtually every web host in existence. This attack is well organized and again very, very distributed; we have seen over 90,000 IP addresses involved in this attack.”

WordPress themselves released a recommendation to WordPress bloggers still using the admin username (this was the default username for all bloggers in older versions of WordPress), stating:

“Here’s what I would recommend: If you still use “admin” as a username on your blog, change it, use a strong password, if you’re on turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress. Do this and you’ll be ahead of 99% of sites out there and probably never have a problem.”

To help the blogging community, Backup Technology provide a free WordPress plugin with 100MB of space for bloggers to back up their valuable website data. By implementing the recommendations of WordPress and regularly backing up your important WordPress data, you can rest assured that you are fully covered if the worst happens to your blog.

Protect your blog today by clicking this link to download the plugin and follow the simple installation instructions.

About the Author: Kris Price is a Senior Account Manager at Backup-Technology, an Asigra powered cloud backup and disaster recovery solutions provider.

