A large botnet is being used to brute-force passwords for a significant number of WordPress blogs. And by large, we mean large…
The botnet is estimated at using some 90,000 computers and tens of thousands of unique IP addresses in its increasing number of attacks. As is the case with brute-force attacks, conventional methods of stopping them, such as blocking IPs after several failed login attempts, won’t hold up. What’s stopping it?
Strong, unique usernames and passwords.
The attackers are targeting users with the most frequently reused usernames and passwords: admin, test, administrator, root; 123456, 11111, etc. By not using those credentials, Matt Mullenweg, founding developer of WordPress says, “…you’ll be ahead of 99 percent of sites out there and probably never have a problem.”
WordPress advises you to update your username and password to something strong and unique. WordPress.com users should enable two-step authentication. We add our strong support to that advice, plus one tip.
Use a password manager
Now is also a good time to set up Dashlane, a password manager that helps protect you against such attacks. When you have the ability to randomly generate and securely store your passwords – and autofill them instantly all over the web – you’re not dependent on having to create easy-to-remember (read: easy-to-guess) passwords or reuse them. And when you have a personalized Security Dashboard showing you where your weak spots are, you can be proactive about your online security.
For the strongest passwords you’ve ever had – and never had to remember - get Dashlane today.