April 12, 2013 by
I started reading reports about brute force attacks on WordPress sites late Friday afternoon. At the bottom of this article I have included some links that discuss the attacks.
Though I have not been made aware of any clients at RAS Design Media being hit, there is always that possibility and I feel it is best to be proactive. To do so I recommend the following:
Log in to your WordPress dashboard as the Administrator as soon as possible and change the passwords for all users. These passwords should be 8 characters in length or more, be totally random, and contain alphanumeric characters (upper and lower case) as well as a few punctuation characters (#@!$%^&*()_). Using a password generator would be very helpful. Macs have the Keyword Access app installed, which includes a password generator. PCs, I would guess, have a similar app or at least one available. Please remember to write these new passwords down.
The second step you could take is to add a new Administrative user to your website. This user should be assigned the role of ADMINISTRATOR [THIS IS IMPORTANT]. The username should be random [THIS IS IMPORTANT] and the password should be random and include the specs mentioned above [THIS IS IMPORTANT]. Once you have created that new administrator, log out completely and log back in as the new administrator. It is important to write down the username and password of that new user. Once you are sure you have created that new user properly and have been able to log in using the new user credentials, you can delete the original administrator user that your site was launched with.
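For anyone who would rather generate the random username and password with a short script, here is an added example (not part of the original article, and not a RAS Design Media tool). It uses the punctuation set and 8-character minimum given above; the function names, the default lengths of 16 and 10, and the username format are assumptions made for the example.

```python
import math
import secrets
import string

# Punctuation set copied from the article; the other names are assumptions.
PUNCT = "#@!$%^&*()_"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, PUNCT)
ALPHABET = "".join(CLASSES)
MIN_LENGTH = 8  # the article's minimum length


def new_password(length=16):
    """Return a random password that contains every character class."""
    if length < MIN_LENGTH:
        raise ValueError(f"password must be at least {MIN_LENGTH} characters")
    while True:
        # Draw each character uniformly from the OS random source, then
        # reject any candidate that is missing one of the four classes.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def new_username(length=10):
    """Return a random login name: one letter, then letters and digits."""
    if length < 2:
        raise ValueError("username must be at least 2 characters")
    pool = string.ascii_lowercase + string.digits
    first = secrets.choice(string.ascii_lowercase)
    return first + "".join(secrets.choice(pool) for _ in range(length - 1))


def search_space_bits(length):
    """Upper bound, in bits, on the guessing work for a given length."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    print("username:", new_username())
    print("password:", new_password())
    # Each extra character multiplies the work of a brute force guesser.
    for n in (8, 12, 16):
        print(f"{n} characters: about {search_space_bits(n):.1f} bits")
```

Run it once per user and enter the printed values in the WordPress user screen; the last lines show how much larger the guessing space becomes as the password grows past the 8-character minimum.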
Please keep in mind that once you delete the original Administrator user, RAS Design Media will not have access to your website Dashboard. If you would like me to continue having access to your website at an administrative level you will need to send me the new administrative credentials.
If you are not comfortable adding or deleting users, I would be happy to schedule time to do this for you.
There are deeper security measures that can be taken, and I would be happy to schedule some time to discuss and implement these measures at your request as well.
I will continue to keep tabs on this and other security issues and will post relevant material on the RAS Design Media Facebook and Twitter pages: