Is your WordPress site safe?
Might sound like a silly question, but it’s not.
If you have a site that is based on WordPress, your site has probably been under attack over the past couple of weeks.
You see, since around mid-April a lot of WordPress sites have come under attack by hackers. These hackers unleashed millions of “bots” (robots – software applications that run processes on the Internet). These hackers have been trying to break into your WordPress site.
The most common user name for the owners of WordPress sites is “Admin” or “admin”. Why? Well, not only is it a logical name to use, but also many of the scripts (such as Fantastico) use Admin as the default administrator username when they set up WordPress for you. The hackers who set up these bots know that admin is the most common username, so they send out the bots to try to log in to WordPress sites using admin as the username, and they choose common passwords, to see if they can easily get into your site.
Now, the first thing is that if you are not using “admin” as your username, these bots would immediately move on to other sites. For passwords, a lot of people use common passwords. What are the most common passwords out there?
25 Most Common Passwords:
- password
- 123456
- 12345678
- abc123
- qwerty
- monkey
- letmein
- dragon
- 111111
- baseball
- iloveyou
- trustno1
- 1234567
- sunshine
- master
- 123123
- welcome
- shadow
- ashley
- football
- jesus
- michael
- ninja
- mustang
- password1
If you are using one of these passwords, you need to go change it now! If you don’t change it, your site is vulnerable.
Another big problem is using the same password for lots of sites. Tons of people do this, and it is a huge security risk.
Use a Password Manager
There are lots of free pieces of software out there that will manage your passwords. I use one called KeePass. It not only saves my passwords, it suggests good passwords to me whenever I enter a new site into the system. It does lots of things to protect my sites. But, as I said, there are many such programs, so I am not saying that you must use KeePass, that’s just the one that I chose.
Anyway, going back to this bot attack on WordPress sites, the bots would go to the site and try to log in using admin and some of those common passwords. If they could not get in, they would move on to another WordPress site. So, if you are using a strong password, maybe 8 characters long at the least (most of my passwords are at least 15 characters long), the bot would not mess with you, because it is just too hard and time-consuming to try to break into your site.
What would the bots do?
So, when the bots broke into your site, what would they do? Who knows? I don’t know. But, having somebody else access your site is not a good thing, and you should avoid it at all costs. I don’t mean somebody that you have given permission to, I mean some malicious hacker who tries to break into your site.
Lock your site down with a good password. Don’t use “admin” as your username. Just doing these two things will give you a much higher level of security compared to many other sites out there.
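The checks recommended in this post can be run over your own list of logins. The script below is an added example, not part of the original article: the function name, finding labels and sample records are constructed for illustration, and it flags the default "admin" username, any password from the list above, passwords under 8 characters, and the same password used on more than one site.

```python
from collections import defaultdict

# The 25 common passwords listed in the post.
COMMON_PASSWORDS = set("""
password 123456 12345678 abc123 qwerty monkey letmein dragon 111111
baseball iloveyou trustno1 1234567 sunshine master 123123 welcome
shadow ashley football jesus michael ninja mustang password1
""".split())

MIN_LENGTH = 8  # the post's suggested minimum length


def audit_logins(logins):
    """Audit (site, username, password) records; return {site: [findings]}."""
    # First pass: record which sites share each password (reuse check).
    sites_by_password = defaultdict(set)
    for site, _username, password in logins:
        sites_by_password[password].add(site)

    report = {}
    for site, username, password in logins:
        findings = []
        # "Admin" and "admin" are both the default the bots try first.
        if username.strip().lower() == "admin":
            findings.append("default-username")
        # Compare case-insensitively: "Sunshine" is no better than "sunshine".
        if password.lower() in COMMON_PASSWORDS:
            findings.append("common-password")
        if len(password) < MIN_LENGTH:
            findings.append("too-short")
        if len(sites_by_password[password]) > 1:
            findings.append("reused-password")
        report[site] = findings
    return report


# Constructed sample records (not real sites or credentials).
SAMPLE = [
    ("blog.example", "Admin", "letmein"),
    ("shop.example", "carol", "T7#vq9Lm!xR2pZw"),
    ("forum.example", "dave", "T7#vq9Lm!xR2pZw"),
    ("news.example", "erin", "Sunshine"),
]

if __name__ == "__main__":
    for site, findings in audit_logins(SAMPLE).items():
        print(site, "->", ", ".join(findings) or "ok")
```

Note that a long, random password still gets flagged when it is shared between two sites, which is the reuse problem described above.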