Critical Information for WordPress users

Published: 12th Jun 2013 in News

Protecting your WordPress website from the botnet 'Admin Hack'   

If you run a WordPress powered website please read this carefully and follow the steps to secure your WordPress website.

A mass hacking attempt using a huge 'botnet' of hundreds of thousands of infected computers is currently trying to 'brute force' attack WordPress websites. This attack works by trying to 'guess' your password multiple times per second. This attack is made easier if you have a WordPress user account called 'admin' as this gives the attacker half of your login information allowing them to focus on the password. There are several steps you can take to make it much harder for the attackers and prevent your site being compromised.

Backup before you start!

Log in to cPanel before you make any changes and back up your database and files - follow the backup instructions on our Green Hosting Support section.

Remove the 'admin' user if there is one

Never use the default WordPress username "admin". Instead, log in to your WordPress control panel, click "Users" and then add a new user with a username of your choosing. Give that new user account Administrator privileges, then log out and log back in as the new user you just created. Go back to "Users" and delete the default admin user.

Note: WordPress can transfer authorship of all posts created by the admin account to the new user account during the deletion process, so you should choose that option and move the posts to the new admin user you just created.

Use a strong password

Use a strong password that is hard to crack. Use a password generator like this one to create it: http://passwordsgenerator.net/. Don't use names, simple dictionary words or places.

Keep your WordPress install up to date

Always keep your WordPress install, themes and plugins up to date. Updates are usually released to plug security holes, so the sooner you update them the better. You should therefore install all updates immediately (or as quickly as you possibly can).

Use a WordPress plugin to limit the number of login attempts

While in the admin panel, click on Plugins > Add New. Search for a plugin called "Limit Login Attempts", then install and activate it. This will prevent new attempts to log in to WordPress for a specified period of time after a set number of consecutive failed login attempts. This prevents a bot from trying one new password after another until it finally finds the right one. You can also see the plugin here: http://wordpress.org/plugins/limit-login-attempts/
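
The lockout behaviour described above can be sketched in a few lines. This is an added example, not the plugin's own code; the class and function names, the threshold of 4 failures and the 20 minute lockout are assumptions chosen for illustration.

```python
import time

class LoginLimiter:
    """Lock a client out after too many consecutive failed logins."""

    def __init__(self, max_failures=4, lockout_seconds=1200, clock=time.monotonic):
        self.max_failures = max_failures        # assumed threshold
        self.lockout_seconds = lockout_seconds  # assumed lockout period
        self.clock = clock
        self.failures = {}      # client -> consecutive failed attempts
        self.locked_until = {}  # client -> time at which the lockout ends

    def attempt(self, client, password_ok):
        """Process one login attempt; return 'locked', 'ok' or 'failed'."""
        until = self.locked_until.get(client)
        if until is not None:
            if self.clock() < until:
                return "locked"  # the password is not even checked
            del self.locked_until[client]  # lockout has expired
        if password_ok:
            self.failures.pop(client, None)  # success resets the counter
            return "ok"
        count = self.failures.get(client, 0) + 1
        if count >= self.max_failures:
            self.failures.pop(client, None)
            self.locked_until[client] = self.clock() + self.lockout_seconds
        else:
            self.failures[client] = count
        return "failed"


def checked_guesses(duration_seconds, max_failures=4, lockout_seconds=1200):
    """Count guesses actually checked when one client guesses once a second."""
    now = [0]  # simulated clock, in seconds
    limiter = LoginLimiter(max_failures, lockout_seconds, clock=lambda: now[0])
    checked = 0
    for second in range(duration_seconds):
        now[0] = second
        # 203.0.113.5 is a constructed documentation address
        if limiter.attempt("203.0.113.5", password_ok=False) != "locked":
            checked += 1
    return checked


if __name__ == "__main__":
    print("checked in one hour with limiting:", checked_guesses(3600))
    print("checked in one hour without limiting:", 3600)
```

The counter in this sketch is kept per client address, so limiting login attempts works alongside the strong password and non-default username steps above rather than replacing them.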
