Special Edition: WordPress Under Attack

Hello, fellow writers and bloggers. Happy Sunday!

Posting a quick missive today to make sure that you are all aware of the current hackfest that is going on with WordPress. We know that many of you have WordPress blogs and we’d hate to see anyone’s site compromised or posts lost.

Here is a great post from Forbes that outlines the top 6 precautions all WordPress users should take:

WordPress Under Attack: How to Avoid the Coming Botnet

Most of these fixes are simple and quick. I’ve been meaning to do many of them (including deleting my default “admin” account and installing a backup plugin as extra insurance even though my hosting company also does backups).

If you have a WordPress blog, please do take a look at this and then take the fifteen to twenty minutes to implement these recommendations.

Better safe than sorry!

Now, back to your regularly scheduled Sunday activities which hopefully include writing!




Here is a helpful article about some of the backup plugins that are available: 6 Top WordPress Backup Plugin Recommendations for 2013

And here’s a quick post on how to delete that default “admin” user: WordPress Security Tip: Remove the Admin User




Background Image Credit: Louise Docker

32 thoughts on “Special Edition: WordPress Under Attack”

  1. Well, I tried to follow the instructions to no avail. When I changed the email address, I was told that this is already being used. (Of course it is – it’s one of mine.) And how are we supposed to “update” our current versions? It’s just not possible. Although WP seems to update itself continuously. New functions keep appearing and disappearing. Hard to tell from one day to the next where to find what. Did you actually mean “upgrade”, i.e. buying the premium version? Quite confusing. And yes, I’m using a WP daily and am generally an experienced user.

    • It can be a little tricky at first, but you can Google almost any issue you’re having and find lots of technical resources and how-to’s. I just added a couple more links to the post above which might be helpful.

      One thing I didn’t realize is that you can’t delete a user if you are logged in as that user. So, for example, if you typically log in as “admin,” you won’t see an option to delete that user. You first have to create a new user (using a different email address – if you don’t have one, you can create a new one under your domain name via your hosting company or just add a Gmail account). Log in as the NEW user, and then you’ll be able to delete the “admin” user account. (Don’t worry about losing posts associated with that user – WordPress will ask you if you want to delete the content or assign it to another user, at which point you simply assign it to your new user.)

      I hope that helps!
      Good luck!

  2. It goes without saying: delete the admin account, and never mind WordPress, if anything has a default account name, change it! As for backups, well, backups should never be trusted to a host. As much as they love to tell you that they do backups, and many do, it’s still best to have the double insurance of your own backups chugging away in the background. And please don’t keep the backups on the hosting server; please either have the backups on your local machine or, better, a cloud-based storage solution like Amazon S3, Dropbox or the like.

    • Redundancy is the word, right?
      I am having some technical difficulty with the back-up plugin I installed, but I think I was able to download the database … downloaded as a 2.1MB SQL file … I’m hoping that’s the right thing. 😉

      I’ll be looking into other options and backups to backups.

      • The fact that you have your SQL file is good, and that is around the size I would expect it to be. You can rebuild a site off of that if you need to and you still have the theme somewhere and an idea of what plugins you are running as well as a load of time to sit and reconfigure it all 😀 I am using Updraft Plus and although I have not had to use it thankfully it seems to be backing everything up to my Dropbox, themes, plugins and all. As a precaution I also FTP into my server and manually copy the files off every few weeks when I remember, and they also get filed away. I am thinking of switching to an S3 backup, but I want to find a nice plugin or shell script that will encrypt my data before storing it there; otherwise my stuff is floating around unprotected.

        This seems excessive and probably is for my measly sized blog, but hey, I have learned from running game servers, and those like to step up and go bye bye very quickly. I remember having a Minecraft server backing up every 45 minutes.

      • Boy, Chris – sure sounds like you know what you’re talking about.
        If/when you find your perfect solution, I’d love to share it here. As writers, our words are such an important asset. The thought of losing them (not to mention all the painful technical set-up – none of which is my forte) gives me hives.

        Thanks for sharing!!

  3. Jamie, I’m with you on the “hives” thing. I made a part of my New Year’s resolution “a sincere and focused effort to get organized and backed up.” It worked for a while of course. I started making hard copies of all of the posts on my main blog. Got all the way thru the end of November of 12 and then the lull of distraction set in! This is just the reminder I needed to get it back into gear. Why do people want to do mean cyberbot things anyway? They probably kicked over sand castles at recess too…some bullies just never grow up 😦
    Thanks for sharing the warning, and thanks to everyone who is chiming in with their questions and suggestions too!
    Kassie aka “Mom” of the blog:
    Maybe someone should write that down…

    • I totally agree with you about hackers being bullies. There should be a serious (serious!) punishment. Maybe something that involves honey and fire ants.

      I wish you luck in your backup journey. Happily, all the plugins and hosting-based systems are automated, so you won’t have to make any hard copies of anything!

      Thanks for coming by, Kassie aka Mom. 😉

  4. Pingback: Special Edition: WordPress Under Attack | Kansa Muse on Micro Farming and More

  5. Oh my! Technology scares me. It seems to be a mechanism that mean people seem to enjoy using to their advantage to spread chaos and dysfunction.
    Very sad we have to protect ourselves from people like this!
    Yet one more thing to learn about before I start a blog huh? whew

    • I understand where you’re coming from, Laura; but don’t let fear of technology stop you. There are hundreds of excellent online resources that can walk you through the basics (which is usually all you need to get started). The important thing is your message and getting it out there! 🙂
