April 13th botnet security?
-
I am trying to protect my site from the current 4-13-13 botnet attack on wordpress. I would like to know what is the best way to be secure.
-
Hi there, the botnet attacks mostly affected self-hosted WorPress.org sites where the main user account was called “admin.” That’s not the case here at WordPress.com, since all our usernames must be unique.
Still, the best way to keep your site protected is to have a very secure and unique password which you change regularly. We have some tips here:
You can also activate our new Two Step Authentication for added security.
Just let me know if you have any other questions.
-
Thanks. I guess I’m safe, since I’m not self-hosting nor am I “Admin”.
Will you have a wordpress update soon that will close that botnet hole, though? -
There isn’t actually any “hole” related to WordPress specifically, since all the bot is doing is looking for weak usernames and passwords.
If self-hosted folks already have good usernames and strong passwords and want to do something more, there are various steps that can be taken. Some of them are listed in the Codex page on Brute Force Attacks.
- The topic ‘April 13th botnet security?’ is closed to new replies.
WordPress.com Forums 