WordPress Security Bulletin
Fri, 21 Feb 2014
Dear website owner,
If you do not have a WordPress website hosted by Virtual Creations, you can disregard this message. If you do not know whether your website is a WordPress website or not, please contact your website developer and ask them.
In the last 24 hours, many of the WordPress websites on our server have been deluged with a constant stream of hacking attempts. Automated processes are attempting to log into WordPress websites by guessing their administration password. This was putting a huge load on our server, not to mention the potential for compromising one or more accounts.
I have blocked the IP addresses of all the hackers, and the attack is over, for the time being.
However, this would be a good time to remind ALL WordPress website owners that your website platform - WordPress - is inherently a very vulnerable system. Thousands of WordPress websites are hacked every day. I regularly find hacked WordPress websites on my own server (and I suspend/disable them instantly).
With this in mind, I strongly recommend the following extra security precautions for all WordPress website owners:
- If your WordPress administration username is "Admin" (the default), I recommend that you change it ASAP. Do this by adding a new administration user in WordPress, and then deleting the "Admin" user.
- Use a strong password for all WordPress administration users.
- Regularly (every two weeks), log into the admin area of your WordPress website and ensure that WordPress is up-to-date, and so are all the themes and plug-ins.
- Install some sort of WordPress security plug-in into your WordPress website, such as WordFence (www.wordfence.com).
- Ensure that your own PC (the computer you log into WordPress from) has a good anti-virus program, and that it's running and monitoring your computer.
If it ever turns out that your WordPress website has been compromised, your hosting account will be instantly suspended, which will take your website AND emails offline.