Matt Mullenweg founder of the Open Source software company WordPress addresses delegates during the annual meeting of the World Economic Forum (WEF) in Davos January 25, 2013. (Photo : Reuters)
The blogging and website design site WordPress is under attack by hackers wielding an army of botnets -- compromised computers working in tandem to break into targeted sites.
The current attack is likely preparation for a much larger attack coming at a later date. For now, the hackers are directing their computers to "brute force" Wordpress passwords.
Essentially, thousands of computers are infected with a virus that allows hackers to direct many of their activities. The hackers are currently telling those computers to try to log onto random WordPress accounts, inputting "admin" as the username and trying out various passwords until they find the one that works.
It's an inefficient process, akin to trying every possible number combination on a padlock until you find the right one, but the computers can check thousands of passwords at a time.
Eventually, they stumble upon the right one, and can then infect the website or computer with a copy of the virus, bringing it under the hacker's control. While the hackers currently have a stable of personal computers under their control, the process also allows hackers to take control of more powerful systems that will ne compromised during this wave of attacks.
WordPress released an update to its security measures last week, rolling out two-factor authentication for the first time. But the hackers take advantage of user laziness or carelessness. The current attack is only targeting WordPress users who haven't bothered to change the default "admin" username to something more personal or private. That's like setting the PIN on your ATM card to "1234."
"If you still use 'admin' as a username on your blog, change it, use a strong password, if you're on WordPress.com turn on two-factor authentication, and of course make sure you're up-to-date on the latest version of WordPress," WordPress founder Matt Mullenwag said. "Do this and you'll be ahead of 99 percent of sites out there and probably never have a problem."