Important News: Hackers Target WordPress Sites

Recently, hackers have made a concerted effort to target WordPress-based sites, in particular sites that have a user named Admin.

Whilst the hack attempts are by and large basic brute force attacks and are unlikely to get into an account with a strong password, the way they are carried out can easily crash your site or server.

The method is called a DDoS, or (Distributed) Denial of Service, attack: it bombards your site with request after request, overloading the server's capacity to handle them and causing it to crash.

 

How to avoid this!

The simplest way to avoid this is twofold.

1)      Make sure that your password is secure. Passwords ideally need to be a minimum of 8 characters and should contain a mix of letters, numbers and symbols. If possible, longer passwords are even better!

2)      If you have a user named “admin”, remove it or at least change its capabilities.

 

How do I remove the “admin”, I AM the admin!

You can follow these step-by-step instructions to swap over your administrator user. If you do not feel comfortable doing this, speak to your developer, web designer or local IT guru.

1)      Log in as normal under your “admin” name

2)      Go to Users > Add New and create a new user with a unique name and a strong password. This user must be given administrator rights.

Note: you will need a second valid email address here, as WordPress will not allow more than one user with the same email.


3)      Make sure you have correctly noted down the password.

4)      Log out of your old “admin” user

5)      Log into your newly created user

6)      Go to Users > All Users and find the original user named “admin”. Hover your mouse over the name and then select delete.


7) When you select delete, a new page will show asking you what to do with the posts owned by the old user named “admin”. Make sure that you select the “Attribute all posts to” option and choose the name of the new user with administrator rights.
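For sites managed from the command line, the same swap can be scripted. This is an added example, not part of the original article: it assumes WP-CLI is installed as `wp` and is run from the WordPress root, and `swap_admin` is a hypothetical helper name. It refuses to delete “admin” until the replacement account is confirmed to be an administrator, and it reassigns the old user's posts as in step 7.

```sh
#!/bin/sh
# Added example: the admin swap from the steps above, done with WP-CLI.
# Assumes `wp` is on PATH and the script runs from the WordPress root.
# swap_admin is a hypothetical helper name, not part of WordPress or WP-CLI.

swap_admin() {
    old_login="admin"
    new_login="$1"
    new_email="$2"   # must differ from the old admin's email address

    # The replacement must not be "admin" again (compared case-insensitively).
    case "$(printf '%s' "$new_login" | tr '[:upper:]' '[:lower:]')" in
        ""|admin) echo "choose a unique login name" >&2; return 2 ;;
    esac
    [ -n "$new_email" ] || { echo "email required" >&2; return 2; }

    # Nothing to do when no user called "admin" exists.
    if ! wp user get "$old_login" --field=ID >/dev/null 2>&1; then
        echo "no user named '$old_login' found"; return 0
    fi

    # Step 2: create the new administrator. With --user_pass omitted,
    # WP-CLI generates a random password and prints it; note it down (step 3).
    wp user create "$new_login" "$new_email" --role=administrator || return 1

    # Confirm the new account really is an administrator before deleting.
    new_id=$(wp user get "$new_login" --field=ID) || return 1
    roles=$(wp user get "$new_login" --field=roles | tr -d ' ')
    case ",$roles," in
        *,administrator,*) ;;
        *) echo "'$new_login' is not an administrator; aborting" >&2; return 1 ;;
    esac

    # Steps 6-7: delete "admin" and attribute all of its posts to the new
    # user. Without --reassign the old user's posts would be deleted too.
    wp user delete "$old_login" --reassign="$new_id" --yes
}

# Usage: sh swap-admin.sh NEW_LOGIN NEW_EMAIL
if [ "$#" -eq 2 ]; then
    swap_admin "$1" "$2"
fi
```

Logging in as the new user to confirm the noted password works (steps 4 and 5) is still worth doing by hand before relying on the account.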


Tips for securing your site

1) Create a strong and unique password over 8 characters long using a variety of letters, numbers and symbols. Do not use “password”, names, or other words or numbers that can be found out easily.

2) Change your password regularly

3) Make sure your new administrator user has a unique name

4) Keep WordPress up to date – every update comes with security fixes and improvements

5) Keep Event Espresso, your theme and other plugins up to date. Again, updates bring security fixes.

6) Keep up to date with WordPress news; sometimes you can find out about problematic plugins/themes.


4 thoughts on “Important News: Hackers Target WordPress Sites”

  1. Very informative post. I have been using Admin as my login ID, but now I am gonna change this. Thanks for the information.

  2. WordPress always has the admin panel at the same place (wp-admin), so hackers have an easy way to try to get in. Do they have a way to change the admin directory of WP?

    For brute force attacks, does a normally configured server already have a firewall that blocks an IP if there are too many loads and requests? Maybe we need to add Apache directory password protection to avoid this thing.
