WordPress Websites Being Attacked By Hackers

In the last week or so there have been reports of WordPress websites being attacked by hackers. You may have come across an article the BBC published about this yesterday (15th April).

WordPress is a very popular platform for websites and is estimated to power 17% of all websites in the world. It is also a very secure platform: the attacks described below do not exploit a flaw in WordPress itself, they exploit weak usernames and passwords.

We are hearing reports of some WordPress websites being hacked into using a “brute force” method. The hackers simply try to log in to the site’s admin area by guessing a username and password, and if that does not work they try another guess. They keep trying until their list of thousands of possible usernames and passwords is used up or they happen to hit “lucky” (or “unlucky”, depending on your point of view!) and find a match. Of course they do not type these details in; they have “robot” software that submits a huge number of these username/password combinations to the site’s login page (wp-login.php) every second.

The immediate effect of this attack is that some web servers have reportedly been running slowly due to the large volume of login attempts being made. And, for a few unlucky website owners, if the hackers gain access they then have their site modified by the hacker, to the detriment of the website owner and the site’s visitors. In addition, it seems that the hackers are adding extra copies of the robot software into sites they hack into, so that each hacked website is then used to search for, and attack, more vulnerable sites.

At this stage we are unclear on the real extent of this “problem”. It has been suggested that some people are trying to make this out to be a bigger problem than it really is so that they can sell security services to website owners. On the other hand, we have seen some sites running slower over the last two weeks, and we do know that websites (WordPress or not) get hacked from time to time.

Therefore, we recommend that, if you have a WordPress website (or any other type of website), you do the following:

  1. If the username that you use to log in to your website is “admin”, change it to something different. “admin” was the username the WordPress installer created by default for many years, so it is the first guess every attacker makes.
  2. Make sure that your login password is “strong”. This means it is at least 8 characters long (longer is better) and contains uppercase letters, lowercase letters, numbers and, ideally, symbols. If it is not, change it.
  3. Check what version of WordPress your site is using. Ideally it should be the latest version (v3.5.1 at the time of writing).
  4. Make sure that your site is backed up regularly, and that the backups are stored somewhere a hacker who gets into the site cannot reach. If the site is hacked you need to know that there is a “pre-hack” copy that you can get back in place quickly.
  5. Consider installing extra security software, depending on how critical your site is; for example, a plugin that limits the number of failed login attempts from one address, which blunts exactly the attack described above.

We’ll post up some quick guides to help you do all the above tasks on our website over the next few days so please check for them there.

Also, you might want to re-read the article we posted in February titled Been Hacked Yet?

If you have any questions, let us know.

Despite what some website hosting companies might tell you, backups are essential! Their server might crash, your site may get hacked, or you may accidentally delete something. Being told that your site (or part of it) is simply “lost” is unacceptable. You invested time and money in getting your website to where it is today, and it may contain content that is virtually irreplaceable (e.g. comments and other content posted by your website visitors).

The minimum service that we provide our clients with our “standard” hosting includes daily backups, kept for a month, plus weekly backups taken “offsite” (away from the hosting company), so if they have a fire etc. the data is still safe. Insist on the same “standard” service as a minimum for your website, and ask how a restore is done and how long it takes: a backup that has never been restored is only a hope. Reputable hosting companies will expect you to want this and will include it as a minimum. If your hosting company does not offer this, then change! Now! Before you need the backup they don’t have!

If there is some reason why you want to stay with a hosting company that does not backup your site for you (I can’t think offhand what that might be by the way) then you can add a Plugin to your website to take backups for you. Two free backup plugins worth looking at are and VaultPress ( is a highly respected third choice that includes realtime backups. There is a charge for their service that starts at $15 a month per site.

While the best passwords would take an automated password-guessing program thousands of years to crack, the typical passwords that we actually use can be cracked at a rate of about 1000 accounts every 17 minutes!

Abcd1234 is NOT a strong password, and neither is a pet or family name, even when every “i” is converted to “1” and every “o” is converted to “0”: these substitutions are the first thing a cracking program tries, so such passwords are very easy to guess. For things NOT to do, you might find this an interesting read:

There are two ways that we suggest you create a strong password. Either follow the advice in that Imperva report: “take a sentence and turn it into a password. Something like ‘This little piggy went to market’ might become TlpWENT2m” or use a password generator (maybe something like the one from PC Tools here:

Remember it is ok to write the password down, just don’t write it down alongside the site it is a password for. However, it is often easier and safer to use a password manager such as or
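The two pieces of advice above (the five-point checklist’s “strong password” rule and the warnings about Abcd1234, pet names and 1-for-i swaps, plus the two ways of creating a password) can all be put into one small checker. The script below is an added example, not code from the original post or from the Imperva report it quotes. It assumes the post’s policy (at least 8 characters, upper and lower case, digits, symbols “ideally”), undoes the usual leet substitutions before comparing against a word list, rejects alphabet or digit runs such as abcd and 1234, builds a password from a sentence the way the quoted “This little piggy went to market” example does, and generates a random password from the operating system’s secure random source as a stand-in for an online generator. COMMON_WORDS is a tiny constructed stand-in for a real dictionary or leaked-password list.

```python
"""Password strength check, sentence mnemonic and random generation.

Added example, not the post's or Imperva's code. Policy assumed: >= 8 chars,
upper + lower + digit required, symbol recommended (required only when asked).
"""
import secrets
import string

MIN_LENGTH = 8
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?/"

# Constructed stand-in for a dictionary / leaked-password list.
COMMON_WORDS = {"password", "rover", "fluffy", "smith", "welcome",
                "letmein", "qwerty", "tigger", "monkey"}

# Undo the common letter->digit/symbol swaps before the dictionary check,
# so "R0v3r" is compared as "rover".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def has_sequence(pw, run=4):
    """True if `run` characters in a row step by +1 or -1 in ASCII
    (abcd, 1234, dcba, 4321)."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_password(pw, require_symbol=False):
    """Return the list of reasons `pw` is weak; an empty list means it passes.
    A symbol is only demanded when require_symbol=True ("ideally, symbols")."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if require_symbol and not any(c in SYMBOLS for c in pw):
        problems.append("no symbol")
    if has_sequence(pw):
        problems.append("contains an alphabet or digit sequence (abcd, 1234)")
    normalised = pw.lower().translate(LEET)
    for word in COMMON_WORDS:
        if word in normalised:
            problems.append(f"based on the common word '{word}' (leet swaps undone)")
            break
    return problems


def from_sentence(sentence, shout=()):
    """Sentence mnemonic: first letter of each word, whole words listed in
    `shout` kept in upper case, 'to'->'2', 'for'->'4', 'and'->'&'.
    Do not reuse the piggy sentence itself: it is public and in word lists."""
    swaps = {"to": "2", "for": "4", "and": "&"}
    out = []
    for word in sentence.split():
        low = word.lower().strip(".,!?")
        if low in swaps:
            out.append(swaps[low])
        elif low in shout:
            out.append(low.upper())
        else:
            out.append(word[0])
    return "".join(out)


def generate_password(length=16):
    """Random password from the OS CSPRNG (secrets), re-drawn until it passes
    the strict check with a symbol required."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw, require_symbol=True):
            return pw


if __name__ == "__main__":
    piggy = from_sentence("This little piggy went to market", shout={"went"})
    for candidate in ["Abcd1234", "R0v3r", piggy, generate_password()]:
        verdict = check_password(candidate) or ["ok"]
        print(f"{candidate!r}: {', '.join(verdict)}")
```

The check is deliberately a list of reasons rather than a score, so a user is told what to change. Swap COMMON_WORDS for a real list (the leaked-password lists crackers actually use) before relying on the dictionary test, and treat the generator, not the mnemonic, as the default: a password manager can store a 16-character random string you never need to remember.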

The most popular question we have had so far is “How do I change my username”. So, here’s how …
1. Log in to your admin area and go to Users
2. Add a new user. You will need to use a different email address from the one associated with your current admin account. Make sure that you set this new user up with a role of “Administrator”
3. Log out of your site and log back in as the new user
4. Delete the old “admin” user, being careful to select the option to attribute all of its content to your new user. You do not want all content associated with the old user to be deleted.
5. That’s it! 🙂

