From the NEWS Room: If you run your personal or business website on the world’s leading open source CMS, WordPress, it is time to consider whether you have taken the right security measures. Security analysts have discovered a substantial cyber attack against the WordPress platform, launched by a massive botnet of tens of thousands of computers using more than 90,000 IP addresses.
According to the report, unknown attackers are trying to commandeer servers running WordPress. It is predominantly a brute-force, dictionary-based attack that targets sites using the username ‘admin’, which most site owners leave set as the default.
CloudFlare, a cloud performance and security company, warned in a blog post that the unidentified attackers appear to be preparing for a much more severe attack: they are using a botnet of home PCs and systems to build up powerful servers in preparation for a future, even more potent attack.
CloudFlare and HostGator reported that the scale of the attack on WordPress is much bigger than expected, and that it attempts to gain access to millions of user accounts with weak security in order to take control of servers. While the purpose of this brute-force attack is not entirely clear, most researchers say the attackers appear to be setting up a “backdoor [that] lets the attackers control the site remotely”. That could be even more hazardous.
Matthew Prince, CEO of CloudFlare, described the scale of the attack further in a blog post: because servers have larger network connections and more bandwidth, they can do far more damage in DDoS attacks, sending large numbers of requests to a server concurrently.
The attack came just a week after WordPress strengthened its security by adding an optional two-factor authentication system to its network. The purpose of the attack has yet to be discovered; however, it has been found to be somewhat similar to attacks mounted against WordPress in 2012. WordPress is among the largest and most widely used platforms, with millions of users, which makes it an equally major target for hackers.
As reported by HostGator, one of the world’s leading hosting providers, this brute-force attack has already put a huge strain on websites, and there are reportedly signs that once a WordPress install is compromised by this malware and it works its way into your host, even your crisis management will not be able to get you back on your feet.
If you are still using the username “admin” on your WordPress site, change it, or activate the two-factor authentication system offered by WordPress, to make sure you are on the safer side. The WordPress team highly recommends setting a strong password for your blog: one that is phonetic, with special characters and upper- and lower-case letters, and at least 8 characters long.
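An attack spread over tens of thousands of addresses, like the one described above, slips under a per-IP lockout, so a defender also has to count failures per targeted username across all sources. The sketch below is an added example, not code from the original article or from WordPress, CloudFlare or HostGator; the log format, the sample lines, the thresholds and the function names are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical auth-log format (not WordPress output).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2013-04-12T10:00:01 login_failed user=admin ip=192.0.2.10
2013-04-12T10:00:03 login_failed user=admin ip=198.51.100.7
2013-04-12T10:00:09 login_failed user=admin ip=203.0.113.21
2013-04-12T10:00:15 login_failed user=admin ip=203.0.113.99
2013-04-12T10:00:20 login_ok user=editor ip=192.0.2.44
2013-04-12T10:00:31 login_failed user=admin ip=198.51.100.200
2013-04-12T10:20:00 login_failed user=alice ip=192.0.2.10
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (login_failed|login_ok) user=(\S+) ip=(\S+)$")

def parse(log_text):
    """Yield (timestamp, outcome, user, ip) for well-formed lines; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)

def distributed_bruteforce(log_text, window=timedelta(minutes=5), min_ips=4):
    """Return {user: source IPs} for users failing from >= min_ips distinct IPs in one window."""
    failures = defaultdict(list)
    for ts, outcome, user, ip in parse(log_text):
        if outcome == "login_failed":
            failures[user].append((ts, ip))
    flagged = {}
    for user, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward past stale failures
            ips = {ip for _, ip in events[start:end + 1]}
            if len(ips) >= min_ips:
                flagged.setdefault(user, set()).update(ips)
    return flagged

def per_ip_lockout(log_text, max_failures=3):
    """Naive per-IP rule for comparison: IPs with more than max_failures failed logins."""
    counts = Counter(ip for _, outcome, _, ip in parse(log_text) if outcome == "login_failed")
    return {ip for ip, n in counts.items() if n > max_failures}
```

On the constructed sample, the per-IP rule flags nothing because no single address fails more than twice, while the per-username view flags `admin` with five distinct sources inside five minutes.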