Ongoing WordPress Botnet Attack

There is currently an ongoing botnet attack targeting WordPress websites with the username “admin”. Whilst the specific goal of the attack is unknown, botnets can be used to perform DDoS (Distributed Denial of Service) attacks, send spam and perform a number of other illegal activities. The botnet is rumoured to be using more than 90,000 IP addresses, and its approach to breaching WordPress websites is to try as many username and password combinations as possible in order to find valid login credentials. This “brute force” attack can make thousands of username/password guesses a second in order to gain access to your WordPress website.
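A defender's view of the attack described above, as an added example that is not part of the original article: because the guesses come from many IP addresses, per-IP counters stay low, so this Python code flags minutes in which failed logins are both numerous and spread over many sources. It assumes the Apache/nginx combined log format, WordPress's default behaviour of answering a failed login POST to wp-login.php with status 200 (a success redirects with 302), illustrative thresholds, and constructed sample log lines.

```python
import re
from collections import defaultdict

# Assumption: Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def login_posts(lines):
    """Yield (ip, minute, status) for each POST to wp-login.php."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            # Timestamp looks like 01/Jan/2024:10:15:02 +0000; keep it to the minute.
            yield m["ip"], m["ts"][:17], int(m["status"])

def distributed_bruteforce_minutes(lines, min_failures=20, min_ips=10):
    """Return {minute: (failures, distinct_ips)} for minutes that look like a
    distributed guessing run: many failed logins spread across many sources."""
    failures = defaultdict(int)
    sources = defaultdict(set)
    for ip, minute, status in login_posts(lines):
        if status == 200:  # default WordPress: a failed login re-renders the form
            failures[minute] += 1
            sources[minute].add(ip)
    return {
        minute: (count, len(sources[minute]))
        for minute, count in failures.items()
        if count >= min_failures and len(sources[minute]) >= min_ips
    }

def sample_log():
    """Constructed sample: 30 sources, 2 failed logins each, within one minute."""
    fmt = '{ip} - - [01/Jan/2024:{t} +0000] "{req} HTTP/1.1" {st} 2048 "-" "-"'
    lines = [fmt.format(ip=f"203.0.113.{i}", t=f"10:15:{s:02d}", req="POST /wp-login.php", st=200)
             for i in range(1, 31) for s in (i, i + 20)]
    # A legitimate user: one typo, then a successful login (302) and a page view.
    lines.append(fmt.format(ip="198.51.100.7", t="10:16:05", req="POST /wp-login.php", st=200))
    lines.append(fmt.format(ip="198.51.100.7", t="10:16:20", req="POST /wp-login.php", st=302))
    lines.append(fmt.format(ip="198.51.100.7", t="10:16:21", req="GET /wp-admin/", st=200))
    return lines

if __name__ == "__main__":
    print(distributed_bruteforce_minutes(sample_log()))
```

In the sample no single address fails more than twice, yet the 10:15 minute is flagged; the legitimate user's single mistyped password at 10:16 is not.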

The main threat to WordPress users is that the botnet gains access to your website by guessing valid login details. If the attacker gains access to your website, your website & server could become compromised. If the user account has an admin role, the attacker will have the ability to modify anything on your website, deface it or even delete it.

The best advice for WordPress site owners is to check if you have an administrator account with the username “admin”. If so, you need to change it and also make sure that you are using a secure password to reduce the risk of your website becoming a victim of this WordPress botnet attack. It is essential that you keep your WordPress website, themes & plugins up to date, as these updates often patch security holes. Don’t forget to make regular off-site backups of your website.