Dcode Group Blog

Using WordPress? Secure All User Accounts

With more and more cloud-based software available, many businesses have been keen to make use of these tools. However, as these tools gain popularity, they become the target of hackers. If you are using online tools (or tools that you download and re-launch on your own server), it is vital that you secure the system before using it.

"Hackers Attack 90,000 WordPress Blogs" - a sensational headline in technology news this week, but a disastrous one if you're using WordPress and have not secured your installation/setup.

According to the reports, the attacks began last week and have affected tens of thousands of WordPress blogs - WordPress being one of the more popular generic blogging/CMS platforms available. While at this stage the outcome and purpose of the attack are not yet known, what is known is how they are "attacking" these sites. Of greatest concern is the ease with which they are doing it.

Analysis of the attacks has revealed that an automated program is cycling through WordPress accounts and attempting to gain access to the site using about 1,000 common passwords. For someone who has removed the default accounts and created strong passwords, this is unlikely to affect their systems. However, for those still using the default accounts with "generic" passwords, this form of attack can prove successful - especially when the software is used on the scale of WordPress.

If you are using a WordPress site, ensure that you take steps to secure the site.

Some steps you can take include:

  • Disable the generic/default accounts - these will be the same username across EVERY WordPress installation and make it easy for hackers to test passwords against;
  • Use strong passwords and change them regularly;
  • Enable two-step authentication for your blog; and
  • Always ensure that you upgrade your installation to the latest version.

One of the founders of WordPress, Matt Mullenweg, said the following in relation to the attacks:

"If you still use 'admin' as a username on your blog, change it," he recommended.

By using a strong password, turning on two-step authentication and updating to the latest version of WordPress software, users will "be ahead of 99 percent of sites out there and probably never have a problem".

Matt Mullenweg, a WordPress founder

Taking these added steps to increase the security of your WordPress system will go a long way to helping you prevent unauthorised access to your site. In addition, tools are available to monitor who is accessing your WordPress installation (and from where). As a site owner, take the time to familiarise yourself with some of these tools and monitor access to your site to be one step ahead of fraudulent users and to ensure that your WordPress system remains secure.
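
The following Python script is an added example, not part of the original post. It scans web server access log lines for the repeated password guessing described above and flags any client that eventually logs in after many failures. It assumes the combined log format and stock WordPress behaviour (a failed POST to /wp-login.php returns 200, a successful one redirects with 302); the sample log lines, addresses and threshold are constructed.

```python
import re
from collections import defaultdict

# Combined log format: ip - user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Assumption: stock WordPress answers a failed login POST with 200 (the form
# is shown again) and a successful one with a 302 redirect; plugins may differ.
FAILED, SUCCESS = "200", "302"


def analyse_logins(lines, threshold=5):
    """Report clients with at least `threshold` failed wp-login.php POSTs."""
    failed = defaultdict(int)
    got_in = set()  # clients that logged in after reaching the threshold
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        ip = m["ip"]
        if m["status"] == FAILED:
            failed[ip] += 1
        elif m["status"] == SUCCESS and failed[ip] >= threshold:
            got_in.add(ip)
    return {
        ip: {"failed": n, "success_after_failures": ip in got_in}
        for ip, n in failed.items() if n >= threshold
    }


def _line(ip, method, status):
    # Builds one constructed log line; timestamp and sizes are placeholders.
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 1234 "-" "-"')


# Constructed sample: one guessing client, one user who mistyped once.
SAMPLE_LOG = (
    [_line("203.0.113.7", "GET", 200)]
    + [_line("203.0.113.7", "POST", 200)] * 6
    + [_line("203.0.113.7", "POST", 302)]
    + [_line("198.51.100.20", "POST", 200), _line("198.51.100.20", "POST", 302)]
)

if __name__ == "__main__":
    print(analyse_logins(SAMPLE_LOG))
```

A client reported with `success_after_failures` set should be treated as a possible account takeover: reset that account's password and review what it did after the login.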

If you would like to find out more about how to secure your systems and software, contact DCODE to find out how we can assist you. As an IT consultancy with a strong understanding of IT security, we can assist you in ensuring that your systems and software remain secure.



Written by

Andrew Sirianni

Andrew founded DCODE GROUP with the goal to develop custom software solutions...