Wordpress website targeted by hackers

Wordpress users are advised to change their user names

Wordpress has been attacked by a botnet of "tens of thousands" of individual computers since last week, according to server hosters Cloudflare and Hostgator.

The botnet targets Wordpress users with the username "admin", trying thousands of possible passwords.

The attack began a week after Wordpress beefed up its security with an optional two-step authentication log-in option.

The site currently powers 64m websites read by 371m people each month.

According to survey website W3Techs, around 17% of the world's websites are powered by Wordpress.

"Here's what I would recommend: If you still use 'admin' as a username on your blog, change it, use a strong password," wrote Wordpress founder Matt Mullenweg on his blog.

Hi-tech crime terms

  • Bot - one of the individual computers in a botnet; bots are also called drones or zombies
  • Botnet - a network of hijacked home computers, typically controlled by a criminal gang
  • Malware - an abbreviation for malicious software ie a virus, trojan or worm that infects a PC
  • DDoS (Distributed Denial of Service) - an attack that knocks out a computer by overwhelming it with data; thousands of PCs can take part, hence the "distributed"
  • Drive-by download - a virus or trojan that starts to install as soon as a user visits a particular website
  • IP address - the numerical identifier every machine connected to the net needs to ensure data goes to the right place

He also advised adopting two-step authentication, which involves a personalised "secret number" allocated to users in addition to a username and password, and ensuring that the latest version of Wordpress is installed.

"Most other advice isn't great - supposedly this botnet has more than 90,000 IP addresses, so an IP-limiting or login-throttling plugin isn't going to be great (they could try from a different IP [address] a second for 24 hours)," Mr Mullenweg added.
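The reasoning in that remark, worked through as an added example that is not part of the original article: when every source address makes only one attempt, a per-IP counter never reaches its limit, while counting the distinct addresses posting to `/wp-login.php` each minute still surfaces the campaign. The log lines, addresses and thresholds below are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined-log-format prefix: ip, timestamp, method, path, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def make_sample(n_bots=120):
    # Constructed data: each bot IP (documentation range) sends one login POST, one per second.
    lines = [f'198.51.100.{i + 1} - - [01/Jan/2020:10:{i // 60:02d}:{i % 60:02d} +0000] '
             '"POST /wp-login.php HTTP/1.1" 200 3021' for i in range(n_bots)]
    # Constructed data: one ordinary user who mistypes once, then logs in.
    lines.append('203.0.113.7 - - [01/Jan/2020:10:00:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3021')
    lines.append('203.0.113.7 - - [01/Jan/2020:10:00:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0')
    return lines

def login_posts(lines):
    """Yield (ip, minute) for every POST to the login form."""
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group(3) == "POST" and m.group(4).split("?")[0].endswith("/wp-login.php"):
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield m.group(1), ts.replace(second=0)

def per_ip_offenders(lines, limit=5):
    """IPs a per-IP throttle would block: more than `limit` login POSTs in one minute."""
    counts = Counter(login_posts(lines))
    return {ip for (ip, _), n in counts.items() if n > limit}

def sitewide_alerts(lines, min_sources=20):
    """Minutes in which at least `min_sources` distinct IPs posted to the login form."""
    sources = defaultdict(set)
    for ip, minute in login_posts(lines):
        sources[minute].add(ip)
    return {minute.strftime("%H:%M"): len(ips)
            for minute, ips in sorted(sources.items()) if len(ips) >= min_sources}

if __name__ == "__main__":
    sample = make_sample()
    print("blocked by per-IP limit:", per_ip_offenders(sample))
    print("site-wide alerts:", sitewide_alerts(sample))
```

The site-wide signal is a trigger for a response such as requiring the second authentication step, not a list of addresses to block.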

Matthew Prince, chief executive and co-founder of Cloudflare, said that the aim of the attack might have been to build a stronger botnet.

"One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack," he wrote in a blog post.

"These larger machines can cause much more damage in DDoS [Distributed Denial of Service] attacks because the servers have large network connections and are capable of generating significant amounts of traffic," he added.

BBC © 2014