New wrinkle in the WordPress botnet attack

I just noticed that the WordPress botnet attackers have tweaked their attempts to log into WordPress sites. They’re now trying the domain name as a username (so, my logs show that they’re trying “lastsyllable” in addition to “admin”). If you run a WordPress site and your username is admin/Admin, your username matches your domain name, or your user ID is 1, make sure you’re using a strong password and consider changing your username. I stop short of a blanket recommendation to change usernames because it’s so common to blog under a persistent pseudonym (which is not the same as anonymity, if I may point in the direction of that particular soapbox), and then have a domain that also uses that pseudonym, so I’d expect it’s equally common to use the same pseudonym as a username. Which is probably why the attackers are trying it. Note, however, that WordPress allows users to choose a different display name, so that might be a solution for changing your username and still appearing under the name you’d prefer to use.
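As an added example (not the post’s own code), here is a small Python check that applies the three risk criteria above to a site’s accounts and counts failed logins that use the usernames the botnet is trying. The log format and sample lines are constructed, and the domain label is taken as the second-to-last component (two-part suffixes such as co.uk are not handled):

```python
import re
from collections import Counter

# Constructed sample of failed-login records (not from the post). The line
# format is an assumption, modelled on what a login-limiting plugin might log.
SAMPLE_LOG = """\
2013-04-15 03:12:01 FAILED login user=admin ip=198.51.100.7
2013-04-15 03:12:04 FAILED login user=lastsyllable ip=198.51.100.7
2013-04-15 03:12:09 FAILED login user=Admin ip=203.0.113.9
2013-04-15 03:12:15 FAILED login user=lastsyllable ip=203.0.113.9
2013-04-15 03:13:30 FAILED login user=editor ip=192.0.2.44
"""

LINE_RE = re.compile(r"FAILED login user=(?P<user>\S+) ip=(?P<ip>\S+)")


def site_label(domain):
    """Second-level label of a domain ('lastsyllable' for 'www.lastsyllable.com'),
    i.e. the part the attackers reuse as a username. Assumes a one-part TLD."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def guessable_usernames(domain):
    """Usernames the post reports being tried: 'admin' and the domain label."""
    return {"admin", site_label(domain)}


def failed_logins_by_guessable_name(log_text, domain):
    """Count failed logins per attempted username, case-insensitively, keeping
    only the names the botnet is known to try against this domain."""
    targets = guessable_usernames(domain)
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("user").lower() in targets:
            counts[m.group("user").lower()] += 1
    return dict(counts)


def audit_accounts(domain, accounts):
    """Flag accounts matching the post's criteria: login name admin/Admin,
    login name equal to the domain label, or user ID 1.
    `accounts` is a list of (user_id, login_name) tuples, e.g. from wp_users."""
    label = site_label(domain)
    findings = []
    for uid, name in accounts:
        reasons = []
        if name.lower() == "admin":
            reasons.append("username is admin")
        if name.lower() == label:
            reasons.append("username matches domain")
        if uid == 1:
            reasons.append("user ID is 1")
        if reasons:
            findings.append((name, reasons))
    return findings
```

Accounts that come back with any reason are the ones to give a strong password or a renamed login (keeping the display name, as noted above).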

I can also recommend the Better WP Security plugin to help secure your site. It may be a bit too technical for some users — you do need to know what you’re blocking or limiting access to, and make sure that you’ll still be able to use your own site in the ways that work for you — but it’s been a solid solution for me.
