Author Topic: Massive WordPress Attack Targets Weak Admin Passwords  (Read 1263 times)


Johnnie F.

Massive WordPress Attack Targets Weak Admin Passwords
« on: April 18, 2013, 10:14:58 AM »
By Scott Gilbertson

If you’re using the popular open source blogging tool WordPress to power your website, you may be vulnerable to a new web-based attack.

If your WordPress admin pages suddenly become sluggish, unreachable or you’re unable to log in there’s a good chance your site is being attacked.

According to CloudFlare CEO Matthew Prince, the attack is using brute force against WordPress’ admin pages using the old default username “admin” and then trying thousands of passwords. There’s nothing new about that approach, but what makes this attack different, and particularly potent, is that the attackers have some 90,000 unique IP addresses at their disposal.

For its part CloudFlare has pushed out an update that “detects the signature of the attack and stops it.”

Popular WordPress Host HostGator reports that it too has “seen over 90,000 IP addresses involved in this attack.”

WordPress creator Matt Mullenweg has also weighed in, pointing out that it’s been over three years since WordPress used the username “admin” as the default for new installations.

However, there are no doubt a great many sites that still have — whether they use it or not — the “admin” user account hanging around in WordPress. It’s also worth noting that, while this attack appears limited to trying the “admin” username, a more sophisticated approach could do the same thing, but with unique usernames — for example, find the most frequently used account name on the public site, assume it’s an admin account and run the same attack against the admin pages. So far that hasn’t happened.

“Here’s what I would recommend,” writes Mullenweg on his blog, “if you still use ‘admin’ as a username on your blog, change it, use a strong password, if you’re on turn on two-factor authentication, and of course make sure you’re up to date on the latest version of WordPress.”

Unfortunately, given the number of IP addresses that seem to be at the attackers’ disposal, other common security measures — like tools that limit logins by IP address — aren’t going to be terribly effective against this attack. Short of getting rid of the default “admin” account (if it still exists), there isn’t a whole lot you can do to stop the attacks (unless you want to use a web application firewall like CloudFlare or ModSecurity). Be sure to contact your hosting company if you think your site has come under attack.

I have a couple of fairly inactive WordPress blogs set up. From the web stats I can see from

/wp-admin/ - 301,072 page hits this month and

/wp-login.php - 2,286 page hits this month

that they're desperately trying to take over. So, take this advice and change your passwords to very complicated ones if you have blogs at or blogs using WordPress open source software.

No matter how tall the mountain is, it cannot block the sun. - Chinese Proverb
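The article's point that per-IP login limits are useless against a run spread over some 90,000 addresses can be checked directly against the kind of web-server stats quoted above. The following script is an added example, not code from the forum post, the Wired article, or WordPress itself. It assumes Apache combined-log format for the access log, counts POST requests to /wp-login.php, and compares what a per-IP lockout (threshold assumed to be 5 attempts) would catch with a site-wide view of total login POSTs and distinct source addresses. The log lines and thresholds are constructed for the demonstration; real access logs do not record the username tried, so the "admin" target can only be seen from WordPress's own authentication hooks, not from this data.

```python
"""Detect a distributed brute-force run against /wp-login.php from
web-server access logs, and show why a per-IP limiter misses it.

Constructed example: log lines, IP addresses (documentation ranges)
and thresholds are all made up for the demonstration.
"""
import re
from collections import Counter

# Apache combined-log format: ip ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Return the parsed fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def login_posts(lines):
    """Yield (ip, timestamp) for every POST to wp-login.php (GETs just load the form)."""
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if rec["path"].split("?", 1)[0].endswith("/wp-login.php"):
            yield rec["ip"], rec["ts"]


def per_ip_lockouts(lines, threshold=5):
    """What a per-IP limiter would block: IPs with at least `threshold` login POSTs.

    Assumed threshold of 5 mirrors a typical login-limiting plugin setting."""
    counts = Counter(ip for ip, _ in login_posts(lines))
    return {ip: n for ip, n in counts.items() if n >= threshold}


def distributed_alert(lines, min_total=20, min_unique_ips=10):
    """Site-wide view: total login POSTs and distinct sources, regardless of per-IP rate.

    Fires when the site as a whole sees many login attempts from many
    addresses, which is the signature of a distributed run."""
    counts = Counter(ip for ip, _ in login_posts(lines))
    total = sum(counts.values())
    return {
        "total_login_posts": total,
        "unique_ips": len(counts),
        "max_per_ip": max(counts.values(), default=0),
        "alert": total >= min_total and len(counts) >= min_unique_ips,
    }


def build_sample_log():
    """Constructed sample: 24 distinct IPs each POST to wp-login.php once or
    twice (36 POSTs total), plus ordinary traffic. No single IP reaches a
    per-IP threshold of 5, yet the site is clearly under a login run."""
    lines = []
    for i in range(24):
        ip = f"203.0.113.{i + 1}"
        reps = 2 if i % 2 == 0 else 1
        for _ in range(reps):
            lines.append(
                f'{ip} - - [18/Apr/2013:10:14:{i % 60:02d} +0700] '
                f'"POST /wp-login.php HTTP/1.1" 200 3842 "-" "Mozilla/5.0"'
            )
    # Normal visitors: a page view and a GET of the login form (not counted).
    lines.append('198.51.100.7 - - [18/Apr/2013:10:15:01 +0700] '
                 '"GET /index.php HTTP/1.1" 200 10234 "-" "Mozilla/5.0"')
    lines.append('198.51.100.8 - - [18/Apr/2013:10:15:02 +0700] '
                 '"GET /wp-login.php HTTP/1.1" 200 3842 "-" "Mozilla/5.0"')
    return lines


if __name__ == "__main__":
    log = build_sample_log()
    print("per-IP lockouts:", per_ip_lockouts(log))   # empty: nobody trips the limit
    print("site-wide view:", distributed_alert(log))  # alert: True
```

Run against a real access log by replacing `build_sample_log()` with the file's lines. The per-IP result stays empty because each attacking address sends only one or two requests, exactly the situation the article describes; the aggregate counter is what actually surfaces the run, and it is also the number (login POSTs per month) worth watching in the hosting stats quoted above.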

coolkorat
Re: Massive WordPress Attack Targets Weak Admin Passwords
« Reply #1 on: April 18, 2013, 03:42:44 PM »
Very glad you posted this Johnnie: it has prompted me to delete the WordPress blog I had set up, and rethink.

I still tend to find posts that refer to new restaurants/ shops/ services etc. (and give unbiased opinion) most interesting and useful, but some recent posts highlight the problem with this: it is easy to be a critic when hiding behind a keyboard.

Korat doesn't seem to need more forums: it needs forum members to engage and make contributions to the existing forums: I'm as guilty as any of surfing the latest posts to see what is of interest and doing nothing else. So I will try to do less trolling and more typing in future...

Johnnie F.

Re: Massive WordPress Attack Targets Weak Admin Passwords
« Reply #2 on: April 18, 2013, 08:53:12 PM »
Don't let anybody restrain you from starting topics that might be of interest to others, be they expats, visitors or the Thais who also follow this forum in considerable numbers. :)
No matter how tall the mountain is, it cannot block the sun. - Chinese Proverb