There's a group of hackers running amok with WordPress and Joomla.
Why do hackers hack?
Damn good question, a few reasons. Sometimes it's to install a link or a script into your website that points to a website of theirs, other times it seems they do it because they can?
Why are they targeting WordPress? (and Joomla, another Content Managed System)
Because most web designers make it too easy and go with the default login username 'admin'. That's half the login hack already done for them. We NEVER set up sites with admin as the username. And our clients are well used to our rather cryptic passwords, apologies for that however it's to protect you and your business.
These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including “special” characters (^%$#&@*). We generally go 15 to 18 characters long, call me paranoid but better to be safe I reckon.
So how are they doing the hacking?
It's called a 'brute force' attack. What that means is the hackers are just systematically and methodically trying to figure out your password so they can gain control of your sites.
The main force of this attack began last week, then slightly died off, before picking back up again. No one knows when it will end. The symptoms of this attack are a very slow backend on your WordPress site, or an inability to log in. In some instances your site could even intermittently go down for short periods.
Again, this is a global issue affecting all web hosts. Any further information we could provide at this moment would be purely speculation. Our hope is that this attack ends soon, but it is a reminder that we must all take account security very seriously.
We still recommend WordPress of course (it now accounts for about 18% of the world's websites) What brought this attack on was simply bad online practices so not endemic to WordPress. That's why we're viewed as one of Australia's top WordPress Website Builders - go Smarter 😎
Here are some good reads on this:
We've been monitoring our servers and your website very closely, so please do not worry. All is well in the land of Smarter Hosting. If you have any concerns ring the office on 08 9439 2820.
Share this if you want to make others aware.