Hackers attack WordPress website, target 90,000 blogs

Open source blogging platform, WordPress has been hit by a botnet of over tens of thousands of individual computers.

The botnet has targeted WordPress users, who use the username admin, speculating thousands of possible passwords.

WordPress founder Matt Mullenweg has asked users to change passwords if they still use admin as a username on their blog.

Mullenweg also advised users to adopt two-factor authentication, and make sure they are up-to-date on the latest version of WordPress.

"Most other advice isn’t great — supposedly this botnet has over 90,000 IP addresses, so an IP limiting or login throttling plugin isn’t going to be great (they could try from a different IP a second for 24 hours)," Mullenweg added.

Security firm CloudFare reported that one of the concerns of an attack similar to that of WordPress is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack.

Cloudflare chief executive and co-founder Matthew Prince said: "These larger machines can cause much more damage in DDoS attacks because the servers have large network connections and are capable of generating significant amounts of traffic."

Sign up for our regular news round-up!

Give your business an edge with our leading Tech Monitor

Sign up