An ongoing brute-force attack on WordPress-based websites has compromised more than 90,000 blogs, but there are simple ways to make sure your blog won't be next to fall.
Gust MEES's curator insight,
April 13, 2013 9:20 AM
According to Sucuri, WordPress administrators who have been hacked should strongly consider taking the following steps to eradicate the intruders and infections:
- Log in to the administrative panel and remove any unfamiliar admin users (the first step after the attackers get in is to add a new user).
- Change all passwords for all admin users (and make sure all legitimate accounts are protected with strong passwords this time!)
- Update the secret keys inside WordPress, otherwise any rogue admin user can remain logged in.
- Reinstall WordPress from scratch or revert to a known, safe backup.

Check also:
- http://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing?tag=WordPress
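
As an added example (not from Sucuri or the curated post), the step about updating the secret keys can be verified by comparing a pre-cleanup copy of wp-config.php with the current one. The sample configs below are constructed, and the 60-character minimum is an assumption based on the 64-character values the WordPress.org key generator returns.

```python
import re

# The eight secret keys and salts WordPress reads from wp-config.php.
SECRET_NAMES = (
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php
MIN_LENGTH = 60  # assumption: anything much shorter than 64 chars was hand-typed

DEFINE_RE = re.compile(
    r"define\(\s*(['\"])(?P<name>[A-Z_]+)\1\s*,\s*(?P<q>['\"])(?P<value>.*?)(?P=q)\s*\)\s*;")

def parse_secrets(config_text):
    """Return {name: value} for the secret-key defines in a wp-config.php body."""
    found = {}
    for line in config_text.splitlines():
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue  # ignore commented-out defines
        m = DEFINE_RE.search(line)
        if m and m.group("name") in SECRET_NAMES:
            found[m.group("name")] = m.group("value")
    return found

def audit_rotation(old_config, new_config):
    """List (name, reason) for every secret in new_config that was not properly rotated."""
    old, new = parse_secrets(old_config), parse_secrets(new_config)
    problems = []
    for name in SECRET_NAMES:
        value = new.get(name)
        if value is None:
            problems.append((name, "missing"))
        elif value == PLACEHOLDER:
            problems.append((name, "placeholder"))
        elif value == old.get(name):
            problems.append((name, "unchanged"))  # cookies signed with it stay valid
        elif len(value) < MIN_LENGTH:
            problems.append((name, "short"))
    return problems

def render(values):
    return "<?php\n" + "\n".join(f"define('{n}', '{v}');" for n, v in values.items())

# Constructed sample data: a pre-cleanup config and a partially rotated one.
old_values = {n: (n + "-old-").ljust(64, "x") for n in SECRET_NAMES}
new_values = {n: (n + "-new-").ljust(64, "y") for n in SECRET_NAMES}
new_values["NONCE_KEY"] = old_values["NONCE_KEY"]   # forgotten during rotation
new_values["AUTH_SALT"] = PLACEHOLDER               # pasted from the sample file
new_values["LOGGED_IN_SALT"] = "abc123"             # hand-typed value
del new_values["NONCE_SALT"]                        # define removed entirely
OLD_CONFIG, NEW_CONFIG = render(old_values), render(new_values)

if __name__ == "__main__":
    for name, reason in audit_rotation(OLD_CONFIG, NEW_CONFIG):
        print(f"{name}: {reason}")
```
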
Gust MEES's curator insight,
April 13, 2013 9:56 AM
That finding comes from Arbor Networks, which said that attackers had compromised numerous PHP Web applications, such as Joomla, as well as many WordPress sites, many of which were using an outdated version of the TimThumb plug-in. After compromising the sites, attackers then loaded toolkits onto the sites that turned them into DDoS attack launch pads. – Information Week Security
A MUST read to understand the WHY and HOW!!!
Check also:
- http://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing?tag=Botnet