WordPress, an easy-to-use website building platform, has enjoyed widespread popularity all over the world. It is highly customizable and can create robust websites without using a significant amount of the more complicated aspects of HTML or PHP. WordPress is so popular, current estimates indicate as many as one in six sites use the platform in one way or another.
When just about anything becomes popular on the internet, it gains a lot of attention from hackers. WordPress is no exception, and attacks on WordPress sites are becoming increasingly widespread. Hackers typically brute-force passwords to WordPress accounts that use the default username, admin. Brute-forcing a password means simply trying every possible combination of letters and numbers until the right one is chosen. Because many WordPress accounts use the default username, they are vulnerable to brute-forcing since the second layer of security that comes from having a unique username is not present.
Hackers use compromised accounts and computers to create networks of infected computers that perform distributed denial of service attacks (DDoS). A DDoS attack on a site occurs when hacked computers make thousands of requests to a server, overwhelming it and essentially blocking access to the site.
Experts suggest using complex passwords and advise against using “admin” as the username for WordPress accounts.