Panama City, Panama -- (SBWIRE) -- 04/15/2013 -- A large-scale brute force attack against WordPress sites is under way. The distributed attack comes from a large botnet with more than 90,000 servers. The bots attempt to log in as the site administrator by cycling through lists of common usernames and passwords, a so-called dictionary attack.



After studying the various attack patterns, security software firm Sucuri has concluded that the number of hack attempts against WordPress sites has tripled in recent months. It further concluded that the reports of large-scale attacks are accurate.



Some hosting providers have already emailed their clients to warn them of the brute force attacks.



One of those hosting providers is Irish-based Spiral Hosting. Its managing director stated: “There is currently a large scale brute force attack coming from a large number of IP addresses spread across the world,”



“A large botnet has been attempting to break into WordPress websites by continually trying to guess the username and password to get into the WordPress admin dashboard. This is affecting almost every major web hosting company around the world. Our Network Operations Centre (NOC) has detected a significant increase in botnet activity since April 11.”



Armstrong continued: “Brute force attacks have reached epidemic level. Therefore, we have joined other major web hosting providers by advising all our clients who use WordPress to install an additional plug-in 'Limit Login Attempts' that will help to prevent brute force attacks.”



“WordPress Tutorials for Beginners” has video tutorials on how to install and configure this plug-in and other Security Plug-ins.



Some hosting providers resorted to more drastic measures, simply blocking access to all WordPress login pages to spare their clients inconvenience, causing some inconvenience themselves in the process.



Armstrong explained that it is of the utmost importance that WordPress websites, all parts of them, are kept up to date.



“Normal security procedures include regular updates of the WordPress core files, plug-ins and theme files. In addition to this, we also recommend WordPress administrators change their login username from the default 'admin' username, use very secure passwords, and install the 'Limit Login Attempts' plug-in or other WordPress security plug-ins.”
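The 'Limit Login Attempts' plug-in recommended above (and in the earlier quote) locks an IP address out after a few failed logins. The same idea can be applied on the hosting side by reading web server access logs, which is how a NOC would notice the increase in botnet activity described in this release. The following Python script is an added example and is not code from Spiral Hosting, Sucuri or the plug-in; it parses constructed combined-format log lines and flags any IP that exceeds a failure threshold inside a sliding window. It assumes that a rejected credential POST to wp-login.php is answered with HTTP 200 (the form is re-rendered) while a successful login is answered with a 302 redirect, and it also reports site-wide failures per minute, because a botnet of 90,000 servers can keep each individual IP under a per-IP lockout threshold.

```python
"""Detect WordPress login brute forcing from web server access logs.

Added example, not from the press release, Spiral Hosting, Sucuri or the
'Limit Login Attempts' plug-in. Log lines below are constructed samples
using documentation IP ranges (203.0.113.0/24, 198.51.100.0/24, 192.0.2.0/24).
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in Apache/nginx "combined" log format.
SAMPLE_LOG = """\
203.0.113.10 - - [11/Apr/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3931 "-" "Mozilla/5.0"
203.0.113.10 - - [11/Apr/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3931 "-" "Mozilla/5.0"
203.0.113.10 - - [11/Apr/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3931 "-" "Mozilla/5.0"
203.0.113.10 - - [11/Apr/2013:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3931 "-" "Mozilla/5.0"
203.0.113.10 - - [11/Apr/2013:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3931 "-" "Mozilla/5.0"
198.51.100.7 - - [11/Apr/2013:10:00:20 +0000] "GET /wp-login.php HTTP/1.1" 200 3931 "-" "Mozilla/5.0"
198.51.100.7 - - [11/Apr/2013:10:00:31 +0000] "POST /wp-login.php HTTP/1.1" 200 3931 "-" "Mozilla/5.0"
198.51.100.7 - - [11/Apr/2013:10:00:45 +0000] "POST /wp-login.php HTTP/1.1" 200 3931 "-" "Mozilla/5.0"
198.51.100.7 - - [11/Apr/2013:10:00:58 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [11/Apr/2013:10:01:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3931 "-" "curl/7.29"
192.0.2.44 - - [11/Apr/2013:10:08:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3931 "-" "curl/7.29"
192.0.2.44 - - [11/Apr/2013:10:15:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3931 "-" "curl/7.29"
192.0.2.44 - - [11/Apr/2013:10:22:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3931 "-" "curl/7.29"
203.0.113.10 - - [11/Apr/2013:10:30:00 +0000] "GET /index.php HTTP/1.1" 200 12034 "-" "Mozilla/5.0"
this line is not in combined log format
"""

# Client IP, timestamp, request line and status code of a combined-format entry.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "method": m.group("method"),
        "path": m.group("path").split("?", 1)[0],   # drop query string
        "status": int(m.group("status")),
    }


def is_failed_login(rec):
    """Heuristic (assumption): WordPress re-renders wp-login.php with HTTP 200
    when credentials are rejected and answers a successful POST with a 302
    redirect to the dashboard, so only POST + 200 counts as a failure."""
    return (rec["method"] == "POST"
            and rec["path"].endswith("/wp-login.php")
            and rec["status"] == 200)


def find_brute_forcers(lines, max_failures=4, window_seconds=300):
    """Per-IP sliding-window lockout, the same rule a login-limiting plug-in
    applies. Returns {ip: time the threshold was first reached}."""
    windows = defaultdict(deque)
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_failed_login(rec):
            continue
        q = windows[rec["ip"]]
        q.append(rec["ts"])
        cutoff = rec["ts"] - timedelta(seconds=window_seconds)
        while q and q[0] < cutoff:            # expire failures outside the window
            q.popleft()
        if len(q) >= max_failures and rec["ip"] not in flagged:
            flagged[rec["ip"]] = rec["ts"]
    return flagged


def failures_per_minute(lines):
    """Site-wide failed logins per minute, regardless of source IP. A large
    botnet can stay below any per-IP threshold, so the aggregate rate is the
    signal a NOC would watch for a distributed attack."""
    counts = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is not None and is_failed_login(rec):
            counts[rec["ts"].strftime("%Y-%m-%d %H:%M")] += 1
    return dict(counts)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for ip, when in find_brute_forcers(lines).items():
        print(f"lockout candidate {ip} at {when:%H:%M:%S}")
    for minute, n in sorted(failures_per_minute(lines).items()):
        print(f"{minute}: {n} failed logins site-wide")
```

In the sample, 203.0.113.10 trips the per-IP rule on its fourth failure, 198.51.100.7 fails twice and then logs in (the 302 is not counted), and 192.0.2.44 spaces its attempts seven minutes apart and is never locked out, which is exactly the gap the site-wide per-minute count is meant to cover.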



“Securing WordPress From the Get-Go” has a full video tutorial series on how to secure a WordPress site and gives tips on how to further improve security, including how to construct long and safe passwords and how to remember them easily.



“Another security risk that WordPress administrators sometimes neglect to address is inactive themes and/or plugins, installed on their blog but no longer in use. The files for the WordPress themes are still located in the /wp-content/themes/ or /plugins/ directory, and even if they're not being used, they're still vulnerable to being hacked/exploited if they're not kept up to date. Therefore, we recommend that WordPress administrators delete all WordPress themes and plug-ins except the active ones currently in use on their website,” Armstrong said.



A video, featuring a very cute geek girl, appeared recently on YouTube outlining the risks of not securing your WordPress installation and the consequences of getting hacked. You may view that video at this link.



