WordPress is the number one content management system (CMS) around and has recently been attacked on a level never seen before. If you are a webmaster, you should consider a few tips on securing your WordPress website so you don't become a victim.
Botnets have existed for many years and are a giant business: these networks control infected computers around the world and can use them for whatever purpose they want, whether to harvest data from the computer or to perform actions. WordPress has now become the main target for botnets, which reach more people by hacking into WordPress websites and uploading code that can then infect the computers of users who visit the site.
If you are a WordPress user, you don't want this to happen to your site, for many reasons. First, you will lose traffic from computers that have any sort of virus protection that can catch this. Google Chrome sometimes blocks pages if the site has malicious code on it, and you can basically assume a user might never come back to your website if they see this on your page. Next, you could possibly get de-indexed from a search engine. It all depends on what the hacker does to your website, which could range from inserting a bit of malicious code, to inserting links or other content as a means of advertising someone else's site, to, in the worst case scenario, completely hijacking your website and overwriting your content with theirs. From an SEO point of view this would have some serious negative consequences.
According to one BBC article, which you can read here:
The botnet is attempting to log in to WordPress websites using the username 'admin', which is typically the default username for any admin. Most sites have their login page under the prefix /wp-admin, so the botnets can automatically find most of the login panels. They already have a username and just need to crack the password to get into your valuable site.
So what can you do to protect your site better?
WordPress Security Tips
1. Avoid using admin as a login. This is the default, but create something that is personal to you.
2. Use a strong password. If your password is weak and also used on other profiles you use, perhaps email, then in theory if someone has your password at one profile, they can try to log in to all profiles with this password, whether it be WordPress, banking, PayPal, Moneybookers-Skrill, etc.
3. Limit Login Attempts Plugin: This plugin makes it difficult for a person to spend all day guessing your password or for a robot to attempt logins automatically. You can even get lockout notifications and the IP address that tried to log in.
4. Restricted Site Access Plugin: This plugin goes a step further and lets you block IP addresses or make your IP part of an unrestricted range.