Hey there, my name is Graham. I'm a bail bond agent and a real estate professional in Central California, so I have several sites dedicated to my businesses that I count on and manage myself. I want to talk a little about WordPress security.
Last week I went to log in to one of my WordPress sites and this is the popup message I got: "Due to botnet brute force login attack, temporarily use the following credentials to access wordpress".
I didn't know how that got there, and my first thought was that my site had been hacked, so I checked with my hosting provider. Sure enough, they had put it there to protect themselves from the huge botnet attack that was occurring, and still is, by the way.
So what's going on? A 90,000-strong IP botnet is trying to hack our WordPress sites using the common "admin" account and some other vulnerabilities within WordPress. This is throughout the internet, so don't take my word for it. These are just a few of the sites that have discussed it recently, including the BBC, US-CERT (which is a government site, Department of Homeland Security no less), Net Security.org and SecurityWeek.com.
The one I liked the best is SecureScanPro (check this out). The reason is that it does do everything, and you can install it and 2 minutes later you are done and can get back to work, or blogging, or whatever it is you do online. It has a clever little captcha, and no, it is not one of those obnoxious ones you cannot read, but a simple math question like 9-3=? It also has a timeout feature. I have been getting regular emails saying that someone has been banned for not answering the captcha correctly, and I know it's not me because my math is still respectable. It is reassuring to know that it is working, though.
You could almost leave your password and admin the same, but it's probably a lot better to take an extra minute and change them both to something stronger. My recommendation is also to use the free functions of LastPass.com to save your passwords, as it is a great cross-platform password manager that runs across all your devices and is truly the last password you will ever have to remember. And again... it's free!!
Here's the SecureScanPro website: http://www.youtube.com/watch?v=cCSjpiQDeVE. I installed it on all my sites in a few minutes. It's as easy as a few clicks to turn the red markers into green, and now it's back to work and no more problems.