Yesterday (4/11/2013) hackers staged a massive online attack against websites that use WordPress. It affected websites and website hosts around the globe.
Utilizing a computer network, the hackers attempted to break into WordPress dashboards by cracking the login username and password. This was made easier by the fact that for years the default WP username has been admin.
How do you know if your WordPress site was hacked?
I haven’t seen any definitive answers to that question. However, a good place to start is to log into your WordPress dashboard. Click on Users in the left column. In most cases you should just see your login. If you see a user you don’t recognize, let me know.
The good news is that I’ve been working on this all day and guess how many hacked sites I’ve seen? Zero. I’ve got my fingers crossed that it’ll stay that way!
What can you do to keep the hackers out?
Make sure that your password is nice and strong. We’re not going for user-friendly with this. We want long and complicated. (click here to see more information about selecting a password)
Keep your WordPress software and plugins updated. I’ve started a quarterly update service. Let me know if you’re interested in that.
If you’re using admin as a username, that should be changed. This can be a little tricky, so contact me if you need help. If you want to do this yourself, log into the dashboard and select Users. You’ll want to add a new administrative user. (Remember to make a strong password and a username that’s not easy to guess.) Once that’s created, you can change your old user to subscriber status. The caveat here is that users must have distinct email addresses. So if you only have one email address, this won’t work. Not to worry though; let me know and I can change your existing admin into something else by updating the database itself.
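The user check and the database rename described above, written as SQL for a MySQL-backed WordPress site. This is an added example, not the author's own procedure: it assumes the default wp_ table prefix, and new_login_placeholder is a made-up name to replace with your own.

```sql
-- Added example. Assumes the default table prefix "wp_"; if wp-config.php
-- sets a different $table_prefix, change the table names AND the
-- 'wp_capabilities' meta key to match. Back up the database first.

-- 1. List every account that holds the administrator role, newest first,
--    so an account you did not create stands out. Roles are stored as a
--    serialized PHP array in wp_usermeta, hence the LIKE match.
SELECT u.ID, u.user_login, u.user_email, u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.user_registered DESC;

-- 2. Confirm the replacement login name is not already taken (expect 0).
SELECT COUNT(*) AS already_taken
FROM wp_users
WHERE user_login = 'new_login_placeholder';

-- 3. Rename the existing admin account in place. The password, email
--    address, posts and role all stay attached to the same user ID, so
--    the one-email-address limitation does not apply.
START TRANSACTION;

UPDATE wp_users
SET user_login = 'new_login_placeholder'
WHERE user_login = 'admin';

-- MySQL should report exactly one row changed. If it reports anything
-- else, run ROLLBACK instead of COMMIT. (On MyISAM tables the transaction
-- has no effect, which is one more reason to take the backup first.)
COMMIT;

-- 4. Verify: this should now return no rows.
SELECT ID, user_login FROM wp_users WHERE user_login = 'admin';

-- After the rename, log in with the new username and the existing password.
```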