Since the beginning of April 2013, there has been a significant increase of break-in attempts of unsecured Blogs powered by WordPress. By doing brute force attacks, the culprits are able to access the admin panel of WordPress who are using lower password strength. It is strongly recommended to always use a very strong password using a minimum of 12 characters with upper and lower cases and using specials characters. You can also use a random password generator as it is not recommend to use passwords that consist of dictionary words.
In this case, the brute force attacks are used to try to connect to the WordPress Admin panel using a predefined password database and can result in your WordPress installation being hacked if your password was part of this database. Since it could take months to decrypt a single machine using a strong password, the attackers are generally targeting WordPress installations using low-secure password. By using a strong password, you are limiting the chance of any brute force attacks to work on your infrastructure.
Security experts have not yet determined what the hackers are planning to do with the compromised servers but reports suggest that the compromised servers could be used to build a massive botnet that can later be used for nefarious activities such as launching cyber-attacks such as DDoS or Phishing campaigns.
How to Protect
Having a strong password is only one aspect of keeping your WordPress secure. The WordPress Official website includes a few tips on how-to maximize your security and minimize your risk of being compromised. Here are a few of those tips:
1. Always keep your WordPress up to date with the latest fixes and releases – This will allow you to reduce the risk of getting hacked by attackers using known vulnerabilities in WordPress. You can refer on how-to update WordPress Here
2. Always report Security Issues – If you think you found security vulnerability in WordPress, the software maker recommends to contact them to report the issue. In case you have indeed found a flaw, they will be able to work on a fix to prevent any further malicious activities.
3. Plugins – Unused and outdated plugins are one of the main causes of WordPress installations being hacked. It is recommended to disable unused plugins and always keep your favorites ones up to date.
4. Renaming WordPress Administrator account – It is possible to rename the default “admin” account to something a little more complex on an existing WordPress installation. When installing a new instance of WordPress, it is possible to delete the default “admin” password and simply create a custom administrative account. We would refer you to WordPress “Security through obscurity” section on WordPress website for more information
5. Data Backups – Although it won’t help you to prevent break-in attempts, keeping your data backup has always being part of safe and rigorous security pattern. It will save you time when trying to restore pre-compromise backups if you do get compromised.
These are only a few of the tips available on WordPress official page in the Codex pages. Please refer to the follow this link to view the full article.