Notification – Global Brute Force Attack on the admin user in WordPress
About a week ago a major network of remotely controlled machines across the world (a botnet) started actively scanning for WordPress sites that may have weak administration passwords, trying to log in as the default “admin” user. This caused outages, slowness, and site access issues for some.
As long as you don’t use “admin” as a username you should be okay. Artbiz clients don’t have “admin” as a username.
Make sure passwords are not word-based, are totally random, and are long: over 14 characters with upper- and lower-case letters, symbols and numbers.
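The campaign described above shows up in a site’s web server access log as a burst of POST requests to wp-login.php from one address. The script below is an added example (not Artbiz’s code or anything from the original post) that flags such bursts in a handful of constructed combined-format log lines. It assumes the usual WordPress behaviour that a failed login re-renders the form with HTTP 200 while a successful one redirects with 302; the threshold and window are assumptions you would tune for your own traffic.

```python
"""Flag IPs hammering wp-login.php: an added example, not Artbiz's code.

Input is a handful of constructed combined-format (Apache/nginx) log lines.
An IP whose failed POSTs to /wp-login.php reach THRESHOLD inside any
WINDOW-second span is reported, which is the signature of the
password-guessing campaign described above.
"""
import re
from collections import defaultdict
from datetime import datetime

# Combined log format: ip - - [time] "METHOD path HTTP/x" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample lines; 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges, not real attackers.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Apr/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3514 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3514 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3514 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3514 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2013:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3514 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2013:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3514 "-" "Mozilla/5.0"
198.51.100.2 - - [12/Apr/2013:10:00:10 +0000] "GET /wp-login.php HTTP/1.1" 200 3514 "-" "Mozilla/5.0"
198.51.100.2 - - [12/Apr/2013:10:00:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.2 - - [12/Apr/2013:10:00:21 +0000] "GET /wp-admin/ HTTP/1.1" 200 8000 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Apr/2013:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3514 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Apr/2013:10:20:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3514 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "time": datetime.strptime(m["time"], TIME_FMT),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],  # drop ?redirect_to=... etc.
        "status": int(m["status"]),
    }


def failed_login_bursts(log_text, threshold=5, window_seconds=60):
    """Return {ip: peak_count} for IPs whose failed POSTs to wp-login.php
    reach `threshold` within any sliding `window_seconds` span."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        # A failed WordPress login re-renders the form with HTTP 200; a
        # successful one redirects (302). So a 200 on a POST is a failure.
        if rec["method"] == "POST" and rec["path"] == "/wp-login.php" and rec["status"] == 200:
            attempts[rec["ip"]].append(rec["time"])

    flagged = {}
    for ip, times in attempts.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window forward until it spans at most window_seconds.
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged


if __name__ == "__main__":
    for ip, n in failed_login_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {n} failed logins inside a 60 s window")
```

Run it against a real access log with `failed_login_bursts(open("/var/log/apache2/access.log").read())`; the addresses it returns are candidates for a firewall or login-limiting rule, and the count gives you the evidence to send to your hosting company.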
How to delete the admin user in WordPress and create a new admin user account.
To be on the safe side download a backup of your content first. Under Tools > Export select all and save to your computer.
Create the new user account first
- Login with your “admin” username.
- Go to Users > Add New
- Create a new admin user account with a strong user name that will be hard to guess. This means DO NOT use your name, especially if it is also the title of your site. I use a combo of my three pets’ names, for example.
- Create a strong password that is a combination of upper and lower case letters, numbers and symbols, at least 14 characters in length.
- Make sure you provide administrative rights (the Administrator role) to the new user.
- Enter a Nickname that will display publicly as the author of your posts.
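The password rule in the list above (14+ characters, mixed case, digits, symbols, not built from a word) is easy to state and easy to get subtly wrong; “P@ssw0rd123456!” ticks every box and is still a dictionary word. The script below is an added example, not Artbiz’s code or anything from the original post, that both generates a password meeting the rule and checks a candidate against it. The tiny word list and the character substitutions it undoes are constructed stand-ins; a real check would load a full dictionary or breached-password list.

```python
"""Generate and vet passwords against the policy above: an added example,
not Artbiz's code. Policy: at least 14 characters, upper and lower case,
digits and symbols, and not built around a dictionary word or a word tied
to the site (its title, the user name)."""
import secrets
import string

MIN_LENGTH = 14
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.<>?"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS

# Constructed stand-in for a dictionary / common-password list.
COMMON_WORDS = {"password", "admin", "wordpress", "letmein", "welcome", "qwerty"}

# Undo the usual letter-for-symbol swaps so "P@ssw0rd" is seen as "password".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def password_problems(pw, site_words=()):
    """Return a list of policy violations; an empty list means it passes.
    `site_words` lets you reject the site title, user name, pet names, etc."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in pw):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in pw):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in SYMBOLS for c in pw):
        problems.append("no symbol")
    # Normalise substitutions and keep letters only, so "Wordpress2013!"
    # and "W0rdpr3ss" both reduce to something containing "wordpress".
    core = "".join(c for c in pw.translate(LEET).lower() if c.isalpha())
    banned = COMMON_WORDS | {w.lower() for w in site_words}
    for word in sorted(banned):
        if len(word) >= 4 and word in core:
            problems.append(f"built around the word {word!r}")
    return problems


def generate_password(length=20):
    """Draw random characters with the OS CSPRNG until the result passes the policy."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not password_problems(pw):
            return pw


if __name__ == "__main__":
    print("generated:", generate_password())
    print("P@ssw0rd123456! ->", password_problems("P@ssw0rd123456!"))
```

`secrets` rather than `random` matters here: `random` is seeded predictably and is not meant for secrets, while `secrets.choice` draws from the operating system’s cryptographic generator. Pass the site title and the new user name in `site_words` when vetting a password you typed yourself.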
Deleting the admin user
- After you create the new user account with administrative privileges – log out.
- Log back in using the new credentials
- Navigate back to Users > All Users
- Under the user “admin” click delete
- On the next screen you will be prompted to attribute all the posts under the admin user to someone else. Select your new user account.
- Click the Confirm Deletion button
- Voilà, bad user name be gone.
That’s it. Any Questions?
More information on securing WordPress
Last week I was hired to help an artist get her WordPress blog back up. When I went to the site all that was there was a blank white page. At first I thought it was a simple plugin conflict and if so a quick fix, but alas it was not.
The site was hacked with Malware/iframe virus code.
The first thing you have to do when this happens, as outlined in this great article from WordPress, is stay calm.
Ya right, your site is gone, all your hard work and Google may penalize you.
No really, you must get hold of yourself, there are logical steps to take to get your site back online and one of them is to use your WordPress Backups, but first…
- SCAN your computer for Malware and viruses. It could be that you inadvertently downloaded something and infected your computer. The Malware is lying in wait for you to upload something to your site and then goes with it.
- CHECK with your hosting company, they should be able to remove the virus.
- CHANGE your FTP, WordPress and database passwords. Also change the secret keys contained in your wp-config.php file. There is a link there where you can generate them; copy and paste the new keys into the file.
- UPGRADE WordPress and plugins. Keeping them up to date helps prevent a hack in the first place, and it is one of the most important things you can do to protect your site. If you are at all uncomfortable with executing upgrades, Artbiz offers an upgrade service.
- DELETE everything and start over. Not what you were hoping to hear, but sometimes this is the most expedient way to restore your site. Download and install the latest version of WordPress and restore a clean copy of your database from your database backup.
- BACKUP! Keep at least three weekly database backups. If you back up daily then you may want to keep a week’s worth so that you can go back far enough to get a clean copy. You can export a database backup from phpMyAdmin or install a database plugin that will export a backup right from the WP Dashboard.
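Changing the secret keys in wp-config.php (the CHANGE step above) is what logs out every existing session, including any an intruder is holding, because WordPress signs its login cookies with those keys. The script below is an added example, not Artbiz’s code or anything from the original post, that does the job offline instead of visiting the generator link: it finds the eight `define()` lines and replaces each value with 64 fresh random characters. It assumes the stock single-quoted layout of wp-config.php; the character set is similar to the one the WordPress generator uses and deliberately excludes quotes and backslashes so the value cannot break the PHP string literal.

```python
"""Rotate the secret keys in wp-config.php: an added example, not Artbiz's
code. Replaces the value of each of the eight key/salt define() lines with
64 random characters and keeps a .bak copy of the old file."""
import re
import secrets
import shutil
import string

KEY_NAMES = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]
# No quote and no backslash, so the value can never terminate or escape
# the single-quoted PHP string it is pasted into.
SALT_CHARS = string.ascii_letters + string.digits + "!@#$%^&*()-_ []{}<>~`+=,.;:/?|"

# Matches  define('AUTH_KEY', 'old value');  with either quote style and any spacing.
DEFINE_RE = re.compile(
    r"(?P<pre>define\(\s*(?P<q>['\"])(?P<name>" + "|".join(KEY_NAMES) + r")(?P=q)"
    r"\s*,\s*(?P<q2>['\"]))"
    r"(?P<old>.*?)"
    r"(?P<post>(?P=q2)\s*\);)"
)

# Constructed fragment of a wp-config.php still carrying the stock placeholders.
SAMPLE_CONFIG = """\
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');
define('DB_NAME', 'wordpress');
"""


def new_salt(length=64):
    """64 characters from the OS CSPRNG, the same length the WordPress generator emits."""
    return "".join(secrets.choice(SALT_CHARS) for _ in range(length))


def rotate_salts(config_text, salt_fn=new_salt):
    """Return (new_text, replaced_names, missing_names).

    Only the eight known define() lines are touched; everything else is
    left byte-for-byte as it was. Keys that were not found are reported so
    the caller can add them instead of silently keeping an old value."""
    replaced = []

    def substitute(m):
        replaced.append(m.group("name"))
        return f"{m.group('pre')}{salt_fn()}{m.group('post')}"

    new_text = DEFINE_RE.sub(substitute, config_text)
    missing = [k for k in KEY_NAMES if k not in replaced]
    return new_text, replaced, missing


def rotate_config_file(path):
    """Rewrite wp-config.php in place, keeping the previous version as path + '.bak'."""
    with open(path, encoding="utf-8") as f:
        text = f.read()
    new_text, replaced, missing = rotate_salts(text)
    shutil.copy2(path, path + ".bak")  # a broken config locks everyone out; keep the old one
    with open(path, "w", encoding="utf-8") as f:
        f.write(new_text)
    return replaced, missing


if __name__ == "__main__":
    text, done, absent = rotate_salts(SAMPLE_CONFIG)
    print(text)
    print("replaced:", done, "missing:", absent)
```

Run `rotate_config_file("/path/to/wp-config.php")` on the live file and check that the returned `missing` list is empty; if it is not, the config is using a non-standard layout and the absent keys need to be added by hand. Every logged-in user, you included, will have to sign in again afterwards, which is the point.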
Regarding item #6: The WordPress Export Tool is not the same as a database backup.
The export tool only creates a file that contains your posts, pages and upload content, while a database backup creates a file that contains your site configuration.
It is important to note that while the database backup does contain the site configuration and even NextGen Gallery image descriptions, it does not contain the physical images, themes or plugin files.
You should be performing both forms of backup, because if your database cannot be restored at least you have your content!
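The “keep at least three weekly database backups” rule is simple to automate, and the rotation is the part people forget, so the directory either fills up or holds only last night’s copy of an already-infected database. The script below is an added example, not Artbiz’s code or anything from the original post. It assumes `mysqldump` is installed and reads its credentials from `~/.my.cnf` (so no password appears on the command line), and that dump file names carry a sortable timestamp; `demo_prune` exercises the rotation on constructed files in a temporary directory.

```python
"""Rolling MySQL dumps for a WordPress database: an added example, not
Artbiz's code. dump_database() writes <db>-<timestamp>.sql (assumes
mysqldump is installed and ~/.my.cnf holds the credentials);
prune_backups() keeps only the newest `keep` dumps."""
import subprocess
import tempfile
from datetime import datetime
from pathlib import Path


def dump_database(db_name, backup_dir, mysqldump="mysqldump"):
    """Write <backup_dir>/<db_name>-<YYYYmmdd-HHMMSS>.sql and return its path."""
    backup_dir = Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    stamp = datetime.now().strftime("%Y%m%d-%H%M%S")
    out = backup_dir / f"{db_name}-{stamp}.sql"
    with open(out, "wb") as f:
        # --single-transaction: consistent InnoDB snapshot without locking tables.
        subprocess.run([mysqldump, "--single-transaction", db_name], stdout=f, check=True)
    out.chmod(0o600)  # the dump holds user password hashes; owner-only read
    return out


def prune_backups(backup_dir, db_name, keep=3):
    """Delete all but the `keep` newest dumps for db_name; return the deleted paths.
    Newest-first ordering relies on the sortable timestamp in the file name."""
    dumps = sorted(Path(backup_dir).glob(f"{db_name}-*.sql"), reverse=True)
    deleted = []
    for old in dumps[keep:]:
        old.unlink()
        deleted.append(old)
    return deleted


def weekly_backup(db_name, backup_dir, keep=3):
    """The cron job body: take a dump, then prune. Returns (new_dump, deleted)."""
    new_dump = dump_database(db_name, backup_dir)
    return new_dump, prune_backups(backup_dir, db_name, keep=keep)


def demo_prune(keep=3):
    """Rotation self-check on constructed files; returns (deleted_names, remaining_names)."""
    stamps = ["20130301-020000", "20130308-020000", "20130315-020000",
              "20130322-020000", "20130329-020000"]
    with tempfile.TemporaryDirectory() as tmp:
        for s in stamps:
            (Path(tmp) / f"wp-{s}.sql").write_text("-- constructed dump\n")
        deleted = [p.name for p in prune_backups(tmp, "wp", keep=keep)]
        remaining = sorted(p.name for p in Path(tmp).glob("wp-*.sql"))
    return deleted, remaining


if __name__ == "__main__":
    print(demo_prune())
```

Schedule `weekly_backup("wordpress", "/var/backups/wp")` from cron and keep the backup directory outside the web root, or the dumps themselves become downloadable. The prune step only ever removes files named `<db>-*.sql`, so a manual copy saved under another name survives.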
What steps have you taken to create WordPress Backups?