Earlier this month, WordPress users across the world (as well as users on other platforms) fell victim to a massive brute-force attack on their sites.
The hack, or attempted hack, used a large botnet (a network of compromised computers doing the bidding of someone else) to repeatedly try to guess passwords on WordPress sites and gain administrative access to them. From there, the botnet would take over the sites and attempt to integrate them into a new botnet, one made up of high-powered servers with better connections to the Web.
For most sites, the hacking attempt was pretty harmless. If you don’t use the original “admin” account and don’t have a password that is easily guessed, you were most likely safe from the attack. Rather than targeting anyone in particular, the attack was an attempt to cast a broad net in hopes of finding the low-hanging fruit, sites that can be trivially broken into.
But while your site is probably fine as long as you took even the most basic precautions, there were still repercussions. The weight of thousands of attempts to log in put a strain on many people’s servers, especially if the server had many different WordPress sites. This resulted in websites slowing to a crawl and even shutting down, including ones not directly affected.
But while the worst seems to have passed for now, there are still some lessons to be learned from it and it’s important to grasp them before the next wave hits.
Because if there’s one thing that’s for certain, there is another wave coming.