WordPress Security Advisory

  • Saturday, 13th April, 2013
  • 16:20

Within the last several days, NextGen, as well as our partners and fellow web hosting companies, have become aware of an emerging threat targeting sites running the WordPress content management system.

According to details obtained by NextGen and our partners, this threat specifically attempts to break into WordPress installations by brute-forcing admin area passwords, trying hundreds or sometimes thousands of password combinations. If your account's administrator credentials are cracked, the attacker can take over your site entirely and, in turn, your entire hosting account. The volume of requests the attacker(s) generate while trying password combinations also places a dangerously high load on the server hosting the targeted site.

If you use the WordPress content management system, you should take immediate precautions to ensure the security of your site. Primarily, ensure that your WordPress installation and its associated plugins are kept up to date with their latest versions. Additionally, change the "admin" username in your installation to another unique username so that an attacker cannot try passwords against the admin username. Finally, ensure that you are using a lengthy and unique password on your site that contains uppercase and lowercase letters as well as multiple numbers and special characters (symbols). You may also consider installing a free security plugin, such as this one, to assist you in completing these suggested steps.
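
To check whether a site is being hit by the password-guessing pattern described above, the following added example (not part of the original advisory) counts login attempts per client in a web server access log. It assumes the Apache/Nginx Combined Log Format and the standard WordPress login endpoint /wp-login.php; the function names, the threshold of 20 attempts and the 5-minute window are illustrative choices, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def login_posts(lines):
    """Yield (ip, timestamp, status) for each POST to wp-login.php."""
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Ignore the query string; allow WordPress installed in a subdirectory.
        if not m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield m["ip"], ts, m["status"]

def find_bruteforce(lines, threshold=20, window=timedelta(minutes=5)):
    """Return {ip: {"peak": n, "redirected": bool}} for noisy clients.
    peak = most login POSTs inside any sliding window; redirected = a 302 was
    seen, which a default WordPress sends after a successful login
    (assumption: security plugins can change this behaviour)."""
    stamps, redirected = defaultdict(list), set()
    for ip, ts, status in login_posts(lines):
        stamps[ip].append(ts)
        if status == "302":
            redirected.add(ip)
    flagged = {}
    for ip, times in stamps.items():
        times.sort()
        start = peak = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:   # drop attempts older than window
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = {"peak": peak, "redirected": ip in redirected}
    return flagged

def sample_log():
    """Constructed log lines (documentation IPs), not data from a real server."""
    fmt = '{} - - [13/Apr/2013:16:{} +0000] "{} HTTP/1.1" {} 512 "-" "-"'
    rows = [fmt.format("203.0.113.7", "20:%02d" % (2 * i), "POST /wp-login.php", 200)
            for i in range(30)]                 # 30 login POSTs in 58 seconds
    rows.append(fmt.format("198.51.100.4", "21:05", "POST /wp-login.php", 200))
    rows.append(fmt.format("198.51.100.4", "21:20", "POST /wp-login.php", 302))
    rows.append(fmt.format("192.0.2.10", "22:00", "GET /wp-login.php", 200))
    return rows
```

A flagged address with "redirected" set to True deserves immediate attention, since it suggests one of the guesses may have succeeded.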

Your site's security and reliability are our priority, and if you have any questions about this message or require assistance securing your account, do not hesitate to contact us.

This announcement was originally published on April 13, 2013.
