Wordpress botnet attack could pave way for larger site takedowns


The fallout from the Wordpress cyber attack could have far-reaching repercussions, as security experts fear the perpetrators could seize on compromised accounts to spread malicious material.

The blogging platform has reportedly been hit by a "brute force" attack that targets the Wordpress administration portal and tries to log into accounts with the username "admin" by trying thousands of passwords.

A botnet is thought to have been employed to carry out the attack, as tens of thousands of unique IP address have been recorded trying to hack into Wordpress installs.

Wordpress founder Matt Mullenweg, said admin' had been the default username for many users until the introduction of a newer version of the site several years ago.

"If you still use admin' as a username on your blog, change it, use a strong password, if you're on WP.com turn on two-factor authentication, and make sure you're up-to-date on the latest version of Wordpress," he wrote in a blog post.

Blog writers should use strong passwords to protect their accounts and their users, whom they have a responsibility to protect.

"Do this and you'll be ahead of 99 per cent of sites out there and probably never have a problem."

Hosting provider CloudFlare said the attack could pave the way for a larger one later down the line.

"One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack," said the company in a blog post.

"These larger machines can cause much more damage in DDoS (Distributed Denial of Service) attacks because the servers have larger network connections and are capable of generating significant amounts of traffic," it continued.

Olli-Pekka Niemi, vulnerability expert at network security vendor Stonesoft, said the attackers could also gain access to people's accounts to carry out further attacks.

"By compromising Wordpress blogs, attackers may be able to upload malicious content and embed this into the blog. When readers visit the blogs in question they would then be subject to attack, come under compromise and develop into botnets," Niemi warnd.

"Blog writers should use strong passwords to protect their accounts and their users, whom they have a responsibility to protect."

Meanwhile, Matt Middleton-Leal, UK and Ireland regional director security vendor Cyber-Ark, said there is a risk that once cracked these Wordpress login credentials could be used to gain access to other sites.

"If Wordpress users have been targeted in this attack, they should change their username and password details for their Wordpress account, but also for any other accounts for which they use the same credentials," said Middleton-Leal.

"This is especially critical if the same details are used for work purposes, as protecting these details is essential when it comes to securing what really matters within an organisation."

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.