Botnet Warning to WordPress Bloggers: Change Admin User Name Now
Continuing on my spam topic mini-run, here’s an important notice for WordPress users. If you use the “admin” or “administrator” user name, change it now. Why? Because botnets are targeting WordPress accounts and, according to ZDNet, the worst is yet to come.
A botnet is a network of hundreds, thousands, or millions of compromised computers used to perform attacks, send spam, etc. Word from many credible sources, including WordPress itself, is that botnets are behind the brute force attacks on logins for WordPress sites that many of us have seen lately. According to blogger Chris Jean:
“The goal of a brute force attack is to try as many username and password combinations as possible in order to find valid login credentials. It’s as if someone was trying to guess the combination on a combination lock, but rather than being limited to a single guess every few seconds, they could make hundreds or thousands of guesses a second while never getting tired.”
There are two risks. The flood of login attempts could hurt the performance of your system and get your site suspended due to the increased load. Or a bot could guess your login and compromise your entire site … and the server it’s running on.
So, double check your “users.” If you have “admin” or “administrator” in there, change it now. Jean has outlined a straightforward approach to making this change.
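To see whether your own site is getting this kind of login traffic, here is an added example (not from Chris Jean or WordPress) that scans a web server access log for failed WordPress login attempts. It assumes the Apache/nginx "combined" log format and default WordPress behaviour, where a failed login answers 200 and a successful one redirects with 302; the thresholds and the sample log lines are constructed for illustration. Because a botnet spreads its guesses across many addresses, it checks the site-wide count per minute as well as the count per address.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" access-log format (assumed; adjust for your server).
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def parse(line):
    """Return (ip, minute, method, path, status), or None if the line doesn't match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return (m["ip"], ts.replace(second=0), m["method"],
            m["path"].split("?")[0], int(m["status"]))

def analyze(lines, per_ip_limit=5, site_limit=20):
    """Count failed wp-login.php POSTs per minute, per IP and site-wide."""
    failed = defaultdict(lambda: defaultdict(int))   # minute -> ip -> count
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, minute, method, path, status = rec
        # Assumption: a failed login re-renders the form (200); success redirects (302).
        if method == "POST" and path.endswith("/wp-login.php") and status == 200:
            failed[minute][ip] += 1
    noisy_ips, waves = set(), []
    for minute, ips in sorted(failed.items()):
        noisy_ips.update(ip for ip, n in ips.items() if n > per_ip_limit)
        total = sum(ips.values())
        if total >= site_limit:   # many addresses, few guesses each: botnet pattern
            waves.append((minute.strftime("%H:%M"), total, len(ips)))
    return noisy_ips, waves

def constructed_sample():
    """Constructed data: 30 addresses x 2 failed logins in one minute, plus one real login."""
    fmt = '{ip} - - [12/Apr/2013:10:15:{s:02d} +0000] "{req} HTTP/1.1" {st} 3120 "-" "-"'
    lines = [fmt.format(ip=f"198.51.100.{i}", s=i + k, req="POST /wp-login.php", st=200)
             for i in range(1, 31) for k in range(2)]
    lines.append(fmt.format(ip="203.0.113.7", s=40, req="POST /wp-login.php", st=302))
    return lines

if __name__ == "__main__":
    noisy, waves = analyze(constructed_sample())
    print("Addresses over the per-IP limit:", sorted(noisy))
    for minute, total, ips in waves:
        print(f"{minute}: {total} failed logins from {ips} addresses")
```

On the constructed sample no single address crosses the per-IP limit, yet the minute as a whole is flagged, which is why blocking by address alone does little against a botnet.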