Last week, a massive amount of blogs that use WordPress as a CMS were hacked and infected with a virus capable of figuring out weak admin passwords by brute force. The problem still hasn’t been resolved, and the botnet is exponentially infecting more than 100,000 computers.
WordPress is the most-used content management system for creating blogs, which is why a well-orchestrated attack of this scale was destined to work. It works by figuring out the blog’s admin password through a series of random combinations of 1,000 words. Because it is a massive attack, and despite the infection ratio being very small, it is easy to figure out weak passwords simply because there are so many blogs that use this CMS.
According to CloudFlare, a telecommunications service provider (which hasn’t had a break lately ever since the massive DDoS attack), more than 60 million requests per hour of this type have been detected, and in certain cases, the providers are even blocking certain IP’s access to WordPress administration panels.
Currently, it isn’t a problem that is affecting users, but hosting services are experiencing problems because the outbound traffic of the infected computers that are incessantly attacking other computers connected to the Internet has increased enormously. Complications could arise in the future if the virus’ objective is to send spam or take complete control of the login information of those who were infected.
The best way to see if you have been infected is to access the WordPress admin panel and check if an unknown user has been created. You should also strengthen your password by including letters and numbers. Also, it would be a good idea to restore your WordPress installation to a previous version, or completely reinstall it. Lastly, to prevent future attacks, it would be a good idea to install some security plugin, such as Wordfence or Limit Long Attempts, which would reduce the risk of being victim of massive login attempts.