May 13, 2013

What Are WordPress Botnet Attacks?

What Are WordPress Botnet Attacks?

WordPress. In case you haven’t heard of it (and have been living under a rock), it’s one of the most popular blogging and content management systems in the world. Not only is the framework free for anyone to use, it is incredibly easy to install, intuitive to use, and infinitely customizable and its over 64 million users are a testament to its accessibility.

Unfortunately, like all other high profile systems, WordPress has become a target for hackers and spammers. Hackers using a botnet made up of tens of thousands of computers are attempting to brute force hack into WordPress sites, many of which have already been affected.

You may be asking yourself, “But what is a botnet and a brute force attack? Is this going to affect my site?” You may also be wondering how to protect your site in the event of any future attacks. Fortunately, there are several preventative measures that WordPress users can take.

First, though, let’s take a closer look at what this botnet fiasco is all about.

What is a Botnet?

Put simply, a botnet is a network of computers that have been harnessed together to combine their computing power in pursuit of a single goal.

  • Hackers infect private computers with malware and viruses.
  • Using those viruses and malware, they take control of the back-ends of those computers.
  • Once they’ve gained control, they set them all to run a single incredibly intensive program.

The current trend of hackers has been to create an enormous botnet to perform brute force attacks on WordPress. But why do they need so many computers for this?

Understanding Brute Force Attacks

Brute force attacks are basically what they sound like.

Here are the basic steps involved:

  1. Hackers choose a WordPress site and proceed on the assumption that it still retains the default user name of “admin” and set their botnet to try hundreds of thousands of passwords.
  2. The system will run through thousands of the most common words in the dictionary, countless numerical combinations, various combinations of numbers and letters, and any other potential arrangement.
  3. If run long enough, a botnet would eventually process every possible combination of upper and lower case letter, number, and symbol, though achieving that would take decades even using a botnet ten times the size of the one WordPress users are currently facing.

Because so many potential number, lower and upper case letter, and symbol combinations exist, hackers are utilizing the processing power of thousands of remotely linked computers to work through those combinations infinitely faster than they could using only a single computer.

When Should You Be Worried?

If the user name on your WordPress site is still the default “admin,” you should change it now. The current botnet attack is proceeding on the notion that most sites still use that user name, and unfortunately, the vast majority still do. Changing your user name to something unique and involved will place your site ahead of most sites currently out there.

Also, change your password regularly and use something that would take even a network of supercomputers decades to crack. A password like bR\/+3F0r<E is impossible to guess and the randomness and variety will do wonders for your site’s security. It may be difficult to remember and inconvenient to type, but typing in an inconvenient password is certainly easier and less time consuming than recovering a compromised website!

Increase Your Website’s Security

In addition to steps users can take themselves, numerous companies are offering plug-ins and additional coding solutions to help protect your site from these attacks.

  • The Botnet Attack Blocker is a WordPress.org plug-in that provides comprehensive protection against botnet attacks. The plug-in limited log-in attempts to a specific amount, regardless of the originating IP address, and it disables the log-in system after a certain number of failures. After lockdown, only whitelisted IP addresses may access the log-in screen.
  • Google offers an authenticator plug-in for smartphone users that provides a random and unique 6-digit numerical code that refreshes every minute; users enter their log-in info and then enter the code which is provided on Google’s smartphone app. The code is validated, and then users are allowed to log in.
  • Implement the new two-factor authentication system WordPress just introduced that requires an additional step to log into your site after entering your user name and password. Note that this last step is only available for WordPress.com users.

Other Victims

Despite the publicity being garnered by these recent events, WordPress users are not the only victims of this latest attack. Tens of thousands of unrelated personal computers have been infected with viruses and malware and are being used to break into the sites. The best way to prevent your computer from being hijacked is to have a good, up to date antivirus program and a spyware removal program. However, while those programs are definitely invaluable, the best way to keep your computer safe and uninfected is to be smart in your online habits by following these three simple steps.

  • Avoid opening mystery emails.
  • Refrain from frequenting questionable sites.
  • And never, ever download something you’re not 100% sure about.

Taking these simple steps will go a long way in helping keeping your computer safe!

The Future of Security

This current botnet attack will, like all highly publicized hacker attacks,most likely come to an endat some point in the near future. This is not to say that users should forego taking steps to keep their sites and data safe, however. Changing your usernames and passwords, and implementing all optional security measures can help keep you assured that your websites are safe, regardless of where the next coordinated attack comes from and in what form it takes.

These types of hackers are a persistent bunch that want nothing more than to wreck user’s websites and erase their personal data (or use it for nefarious purposes). Don’t make it easy and give them the satisfaction of stealing your info!

About the author 

Scott Buehler

I'm Scott Buehler and I'm here to help you choose the best web host for your needs. This site aims to be completely unbiased and is data driven for the ranking charts. Be sure to leave a review or comment below to share your experience. This site thrives off of word of mouth. Please share this site on your website, blog, or social media. Add me to your circles! Thanks!

  • I use the Google Authenticator plugin and I love it.

    As well I’m using a security plugin that limits how many times an IP can enter an incorrect username / password combination before that username and/or IP is locked.

    Looking for a way to authenticate securely without resorting to having to install SSL on all my sites. (There used to be a plugin that did this but it hasn’t been supported for a very long time.)

  • Hi Scott,
    How about having a plug-in which can limit the login attempts of the website. Can Botnets surpass them too?

  • {"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

    Title Goes Here


    Get this Free E-Book

    Use this bottom section to nudge your visitors.

    >