There’s a headline tonight on ArsTechnica, the technology blog:
Huge attack on WordPress sites could spawn never-before-seen super botnet
This site runs on WordPress. So do all the other sites I build. Obviously, a scary headline.
Scary for ArsTechnica too. Their site is also built on WordPress.
This is pretty wicked stuff. It’s called a brute force attack because password after password is sent to the default “admin” account. The attackers are looking for sites protected with commonly used passwords.
Most of my sites don’t use “admin.” I’ll try and harden the rest this weekend. It’s a pretty simple change.
None of my sites use dictionary words for their password. This attack won’t work on me.
ArsTechnica speculates the huge bandwidth available through websites running WordPress could make these compromised machines the most powerful botnet ever seen!
This is like science fiction. Except it’s real.