post

Time to delete your “admin” login and beef up your passwords

WordPress logoHey Everyone,

If you have a WordPress installation, you’ve probably heard about the mega-attack some jokers (trolls) have coordinated via an army of about 90,000 bots, probably computers they’ve infected with undesirable code and now control.

If you haven’t, you should know about it.

There are a few great posts out there on what to do to protect your site; I’ve shared a few links at the bottom.

  1. First step, remove any users named “admin” (create a new admin-level user with a totally different name, log out, log in as that new user, delete the user named “admin” and attribute all their posts/pages to another user);
  2. Then remove any users with the ID of “1” even if their name isn’t “admin.”
  3. Then make sure all the passwords are “strong,” random 12+ character strings of numbers, upper- and lower-case letters, and symbols. (I use 1Password to manage mine.)
  4. Make sure everything is up to date: core, themes, plugins. (Of course, make sure you already have backups first, before you update.)
  5. Save a few backups, go back a month or more, to your computer or at least another location other than just your server. Attacks can spread from one installation through to others in one affected web host account, even if there is a vulnerability in just one. And the attack could have breached one of your lesser-maintained installations a couple of weeks ago and been working its way from there, hence the back-copies, just in case.
  6. If you know what you want to see, look at your wp-config.php file for anything funny or out of place…or even just missing. If you don’t, ask someone else to do it for you. Worth looking at anyway if you have an old site, or you’ve taken over a site you didn’t create. I was surprised to find no AUTH keys in one, plus some extra lines of code just before the closing. Even if the site wasn’t victimized, that wp-config.php file was so old, pre-2008, it really needed fixing.

Repairing an affected site is a bit of a chore; at a minimum, it adds more to your to-do list, so if you can harden your sites against this attack, so much the better.

Here are a few helpful links:

Sorry for the bad news. (Oh, and Drupal and Joomla and other site tools are also vulnerable, they are just not as popular so we hear about them less. If you have a Drupal or Joomla or even Dreamweaver installation, better beef up your user access/names/passwords, too.)

May the Anti-Brute Force be with you!

(Sorry, couldn’t resist.)

ea/

Speak Your Mind

*

PageLines