WordPress has been victim of a massive ‘botnet’ . HostGator and CloudFlare servers have warned that they are using more than 100,000 bots to attack simultaneously to all users, as recorded by BBC News .
This massive attack to all WordPress users have used the username ‘admin’ -very commonly used by administrators of blogs-and testing thousands of possible passwords to try to access their accounts.
The attack began a week after WordPress strengthen its security with optional authentication system in two steps.
WordPress feeds 64 million websites that are read by about 371 million people each month. According to a survey by W3Techs , about 17% of the world’s web sites are powered by WordPress.
“This is what I recommend: If you still use ‘admin’ as the user name on your blog, replace, and use a strong password,” wrote the founder of WordPress, Matt Mullenweg, in his blog . Mullenweg also suggests to its customers that the system of two-step authentication involves obtaining a secret number and install the latest version of WordPress.
Matthew Prince, CEO and co-founder of Cloudflare, said the target of the attack could have been building a stronger botnet . “One of the goals that may have an attack like this is that the attacker is using a relatively weak botnet computers to build a large botnet more powerful servers towards a future attack,” he wrote in a blog.