Massive Botnet Attacks WordPress Websites With User “Admin”

How to deal with the massive WordPress Botnet

Multiple sources have reported of a nasty botnet currently trolling WordPress websites that uses brute-force tactics in order to crack WordPress websites using the username Admin. To protect yourself against this current WordPress botnet, it is recommended to immediately change your WordPress username from Admin to something else and change. It is also recommended to change your password to a strong password if you have not already.

Don't Get Hacked. Get SiteLock

This method of safety is also advised by Matt Mullenweg (WordPress Developer) as he claims “Do this and you’ll be ahead of 99% of sites out there and probably never have a problem,” aimed at his 64 million WordPress users. Mullenweg also said to turn on the two-step authentication, which prompts you to enter a secret number you get from the Google Authenticator App on your smartphone.

Additional WordPress Botnet Protection:

  • If you suspect your WordPress website was hacked or is compromised  there are many companies such as Sitelock and Sucuri that offer website security packages to monitor and clear threats.

Furthermore, it is never recommended to create a WordPress account using the name “Admin” as this name is one of the most commonly attacked usernames, if not the most attacked WordPress username. It is also recommended to always update WordPress installs and your WordPress plugins.

If you want to know more about the safety of your WordPress website there are third-party plugins such as Security Ninja and Login Ninja that can be used to test and protect your WordPress login against brute-force attacks.

Login ninja