Massive WordPress Brute Force Attack

If you run a WordPress-based site, you may have seen the news in the last couple of days that a massive brute-force attack against the admin username and password has been making the rounds.

If your site has been compromised, I am available for consultation, clean-up and a security audit. But it doesn’t have to come to this, as it is easy enough to prevent:

  1. Create a new user whose username is not Admin and give that user Administrative rights as well as a complex/strong password: random, mixed-case alpha-numeric characters with the odd symbol or three thrown in for good measure.
  2. Delete the original Admin user (you’ll be prompted to assign post and page authorships to a new user).
  3. Install a plug-in that locks out invalid login attempts to the WP-Admin, like Wordfence, Limit Login Attempts, or WP Login Security 2.
  4. Stay Calm and Keep Blogging.
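
Steps 1 to 3 can also be scripted from the server's shell. The script below is an added example, not part of the original post; it assumes WP-CLI is installed as `wp` and is run from the WordPress directory, that the old account's login is `admin` unless you pass another, and the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: steps 1-3 via WP-CLI (assumed installed as `wp`).
LC_ALL=C; export LC_ALL   # byte-wise ranges for tr and case patterns

# Succeeds only for 16+ chars containing lower, upper, digit and symbol.
is_strong() {
  [ "${#1}" -ge 16 ] || return 1
  case $1 in *[a-z]*) ;; *) return 1 ;; esac
  case $1 in *[A-Z]*) ;; *) return 1 ;; esac
  case $1 in *[0-9]*) ;; *) return 1 ;; esac
  case $1 in *[!a-zA-Z0-9]*) ;; *) return 1 ;; esac
  return 0
}

# Prints a random 24-character password that passes is_strong.
gen_password() {
  while :; do
    pw=$(head -c 256 /dev/urandom | tr -dc 'A-Za-z0-9!@#%^*_+=-' | cut -c1-24)
    if [ "${#pw}" -eq 24 ] && is_strong "$pw"; then break; fi
  done
  printf '%s\n' "$pw"
}

# Usage: replace_admin NEW_LOGIN NEW_EMAIL [OLD_LOGIN]
replace_admin() {
  new_login=$1; new_email=$2; old_login=${3:-admin}
  pass=$(gen_password)
  # Step 1: new administrator. --user_pass is briefly visible in the
  # process list, so run this on a host you alone have a shell on.
  new_id=$(wp user create "$new_login" "$new_email" \
    --role=administrator --user_pass="$pass" --porcelain) || return 1
  # Step 2: delete the old account, reassigning its posts and pages.
  if wp user get "$old_login" --field=ID >/dev/null 2>&1; then
    wp user delete "$old_login" --reassign="$new_id" --yes || return 1
  fi
  # Step 3: install and activate a lockout plug-in (Wordfence here).
  wp plugin install wordfence --activate || return 1
  printf 'login: %s\npassword: %s\n' "$new_login" "$pass"
}

# Nothing is changed unless the script is called with --apply.
if [ "${1:-}" = "--apply" ]; then
  replace_admin "$2" "$3" "${4:-admin}"
fi
```

Run it as `sh script.sh --apply NEW_LOGIN NEW_EMAIL`, then store the printed password in a password manager and clear it from your terminal scrollback.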

If all else fails and you need my help, email me: [email protected]. I do accept PayPal and credit cards. But I’d rather you follow my free advice and not need to pay me for recovery services.