This is why you need to protect your WordPress username and password

Security

If you run a WordPress site, you know that criminals around the world would love to use it to spread malware.

Last month, F-Secure Labs observed a spike in “Flash redirectors” that automatically redirect the visitor to a site with the goal of infecting them with malware, in this case the Angler exploit kit. The source was compromised websites — specifically WordPress sites.

This isn’t a new find for the Labs, but what is unique is one of the tactics of the attack — seeking out WordPress usernames.

Why?

“After obtaining the username, the only thing that the attacker would need to figure out is the password,” Patricia from The Labs explains. “The tool used by the attacker attempted around 1200 passwords before it was able to successfully login.”

If you happen to have one of those passwords, bam. Your site is serving up malware, which is not only harmful to your visitors, it can cost you tons of traffic as Google delists you.

Keeping your server and plugins up to date is essential for avoiding most attacks. Beyond that, this attack points to the need to both protect your WordPress username AND always use a unique, strong password.

“Furthermore, in order to defend against this kind of WordPress attack, you should not use a WordPress admin account for publishing anything,” Patricia notes.

You can also protect your server from enumeration attacks that discover the usernames of your bloggers. To see how to do that, visit our News from the Labs blog.
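As an added example (not part of the original post, and not F-Secure's tooling), here is a small Python script that flags, in a web server access log, the two behaviours described above: author-ID enumeration probes and a long run of failed wp-login.php POSTs from one client. It assumes Apache/nginx combined log format and the WordPress convention that a failed login re-renders the form with HTTP 200 while a successful login redirects with 302; the sample lines are constructed, not real traffic.

```python
import re
from collections import defaultdict

# Combined log format: client IP, timestamp, request line, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
AUTHOR_ENUM_RE = re.compile(r'(?:^/\?|[?&])author=\d+')  # /?author=N username probes

def analyze(log_lines, probe_threshold=3, fail_threshold=20):
    """Return per-IP counters and the verdicts a defender would act on."""
    stats = defaultdict(lambda: {"author_probes": 0, "login_failures": 0, "login_success": 0})
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; ignore it
        ip, _ts, method, path, status = m.groups()
        s = stats[ip]
        if method == "GET" and AUTHOR_ENUM_RE.search(path):
            s["author_probes"] += 1
        elif method == "POST" and path.startswith("/wp-login.php"):
            # WordPress re-renders the form (200) on a bad password and
            # redirects (302) into wp-admin on success.
            if status == "302":
                s["login_success"] += 1
            else:
                s["login_failures"] += 1
    verdicts = {}
    for ip, s in stats.items():
        flags = []
        if s["author_probes"] >= probe_threshold:
            flags.append("username-enumeration")
        if s["login_failures"] >= fail_threshold:
            flags.append("password-guessing")
            if s["login_success"]:  # guessing followed by a redirect: treat as compromise
                flags.append("POSSIBLE-COMPROMISE")
        if flags:
            verdicts[ip] = flags
    return dict(stats), verdicts

def _line(ip, minute, request, status):
    return f'{ip} - - [12/Mar/2015:10:{minute:02d}:00 +0000] "{request} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"'

# Constructed sample traffic: one client probes author IDs, then hammers
# wp-login.php until an attempt redirects; a second client logs in normally once.
SAMPLE_LOG = (
    [_line("203.0.113.5", 0, f"GET /?author={n}", 301) for n in (1, 2, 3)]
    + [_line("203.0.113.5", 1, "POST /wp-login.php", 200) for _ in range(25)]
    + [_line("203.0.113.5", 2, "POST /wp-login.php", 302)]
    + [_line("198.51.100.9", 3, "POST /wp-login.php", 302)]
)

if __name__ == "__main__":
    counts, verdicts = analyze(SAMPLE_LOG)
    for ip, flags in verdicts.items():
        print(ip, counts[ip], flags)
```

Pipe a real access log in as `analyze(open(path))` and tune the thresholds to the site's normal login volume; a blogger who mistypes a password a few times should not trip `fail_threshold`.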

It’s pretty amazing what people can figure out about you with just your login and password. But when you’re running a website, which can be part or all of your livelihood, the only way to keep from handing criminals the key to your front door is to make sure your password can’t be figured out by anyone but you. And turn on two-step authentication if you haven’t already.

Cheers,

Jason
