WordPress Security


As a follow-up to this post, here is a timely reminder that WordPress installations must be secure.

Hackers have developed a distributed WordPress admin account cracking scheme that poses a severe risk for the security of blogs whose owners select insecure passwords.

PHP scripts located on a virtual server run brute-force (password guessing) attacks on targeted sites. The system can attack many sites at the same time, with results written into an associated database.

Further details are available here and from the original here.

Using a non-standard login name (i.e. not administrator) and a long alphanumeric password are easy steps to take, as is restricting administrative changes to a particular IP address.
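To check whether a site is seeing this kind of password guessing, the web server's access log can be scanned for repeated login POSTs. The script below is an added example, not part of the original post. It assumes the combined log format, that a failed WordPress login returns HTTP 200 while a successful one redirects with 302, and a hypothetical allowlist of admin addresses; the log lines are constructed samples.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-log-format fields we need: client IP, timestamp, method, path, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def parse_login_posts(lines):
    """Yield (ip, time, status) for every POST to wp-login.php."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], ts, int(m["status"])

def find_bruteforce(lines, admin_ips=frozenset(), max_failures=5,
                    window=timedelta(minutes=5)):
    """Return {ip: peak failures inside window} for IPs reaching max_failures.
    Assumptions: log lines are in time order; a failed login answers 200 and a
    successful one 302; addresses in admin_ips (hypothetical allowlist) are skipped."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    peak = defaultdict(int)      # ip -> highest failure count seen in any window
    for ip, ts, status in parse_login_posts(lines):
        if ip in admin_ips or status != 200:
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= max_failures}

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE = [
    f'198.51.100.7 - - [10/Jan/2024:03:00:{s:02d} +0000] '
    f'"POST /wp-login.php HTTP/1.1" 200 3521 "-" "-"' for s in range(0, 40, 5)
] + [
    '203.0.113.10 - - [10/Jan/2024:09:15:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
    '192.0.2.44 - - [10/Jan/2024:09:20:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "-"',
    '192.0.2.44 - - [10/Jan/2024:09:20:40 +0000] "GET /wp-login.php HTTP/1.1" 200 3100 "-" "-"',
]

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE, admin_ips={"203.0.113.10"}))
```

Addresses it reports are candidates for blocking at the web server or firewall, and any login POST from outside the allowlist shows that the IP restriction is not yet enforced.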