Ongoing Attack Against WordPress Sites


There is what’s been described as a well organized and very distributed attack going on against WordPress sites. This hits the webcomics community right where we live. If you’re using WordPress for your comic you need to do something about it. Right now.

Ars Technica recommends the following WordPress security plugins, one to limit login attempts and the other for general security of your site.

Philip M. Hofer (Frumph to many of us) the creator of WordPress comic themes Comic Press and Comic Easel was asked about the attacks. He said, “install the plugin WordFence security, make sure the admin account name isn’t “Admin” and use a good unique hard to figure out password.”

Before I go any further, don’t take my word for this. Read the articles at ComputerWorld and ArsTechnica to get details.

But briefly, what’s happening is a botnet has been detected hitting WordPress sites with a brute force attack to guess passwords for the common “admin” login. It uses the roughly 1,000 most common passwords to get into the sites and then installs backdoor code to take over the entire compromised system. Any infected sites are then forced to join the rest of the botnet rolling like a snowball. The results are tons of compromised sites, a slower Internet, and worst of all a super botnet that can wield huge resources against any target.

So, go fix your sites right now!